Topic: Enabling curve extensions

For TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, the curve extensions are not being set in the Hello packet.
This causes the cipher to be ignored by the server.

i.e.:
        extension_type=supported_groups(10), length=12
          secp521r1 (P-521) (25)
          secp384r1 (P-384) (24)
          secp256r1 (P-256) (23)
          secp224r1 (P-224) (21)

How are these enabled?
Is there a document indicating what compile options are required for each cipher?


Re: Enabling curve extensions

Hi Neil,

You will need to call wolfSSL_UseSupportedCurve or wolfSSL_CTX_UseSupportedCurve before connecting to enable this: https://www.wolfssl.com/documentation/m … ortedcurve

To enable SECP curves, you will need to define HAVE_ECC, HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES.  You can find an example of these and other commonly required settings here: https://github.com/wolfSSL/wolfssl/blob … template.h

We don't have a document for what options are required for each cipher suite, but for the most part they just need the TLS version and algorithms used in the cipher suite to be enabled.  That specific cipher suite requires:

#define HAVE_ECC
#define HAVE_AESGCM
#undef NO_SHA256
#undef NO_RSA

If you continue to run into issues, please include your wolfSSL version and build settings (user_settings.h or ./configure line).

Thanks,
Kareem
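
To confirm the outcome after making the changes described in the reply above, here is an added example that is not part of the original thread and is not wolfSSL code: a small C parser that walks the extensions block of a captured ClientHello and reports the groups listed in supported_groups(10). The function names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_SUPPORTED_GROUPS 10 /* extension_type shown in the dump above */

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walk a ClientHello extensions block (the bytes after its 2-byte total
 * length) and copy the groups listed in supported_groups into out[].
 * Returns the group count, 0 if the extension is absent or empty,
 * -1 if the block is malformed. */
int find_supported_groups(const uint8_t *ext, size_t len, uint16_t *out, size_t max)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return -1;          /* truncated extension header */
        unsigned type = rd16(ext + off);
        size_t elen = rd16(ext + off + 2);
        off += 4;
        if (elen > len - off) return -1;       /* body runs past the block */
        if (type == EXT_SUPPORTED_GROUPS) {
            if (elen < 2) return -1;
            size_t list = rd16(ext + off);     /* named_group_list byte length */
            if (list != elen - 2 || list % 2 != 0 || list / 2 > max) return -1;
            for (size_t i = 0; i < list / 2; i++)
                out[i] = (uint16_t)rd16(ext + off + 2 + 2 * i);
            return (int)(list / 2);
        }
        off += elen;
    }
    return 0;
}

/* Constructed sample blocks: signature_algorithms(13), then (in the first
 * one only) supported_groups(10) listing groups 25, 24, 23, 21. */
static const uint8_t with_groups[] = {
    0x00,0x0d, 0x00,0x04, 0x00,0x02, 0x04,0x01,
    0x00,0x0a, 0x00,0x0a, 0x00,0x08, 0x00,0x19, 0x00,0x18, 0x00,0x17, 0x00,0x15 };
static const uint8_t without_groups[] = {
    0x00,0x0d, 0x00,0x04, 0x00,0x02, 0x04,0x01 };

int main(void)
{
    uint16_t g[8];
    int n = find_supported_groups(with_groups, sizeof with_groups, g, 8);
    for (int i = 0; i < n; i++) printf("group %u\n", (unsigned)g[i]);
    n = find_supported_groups(without_groups, sizeof without_groups, g, 8);
    printf("second block: %d groups advertised\n", n);
    return 0;
}
```

A return value of 0 on a real capture corresponds to the situation in the question, where the hello goes out without the curve extension.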
