Hi asn,

Welcome to the wolfSSL Forums.

You should not add configuration defines in the source files. This will always result in undefined behavior.

This is the preferred method for configuring the library:
https://www.wolfssl.com/using-user_settings-h-wolfssl/

Yes, you can build wolfSSL for PPC. The environment variable `__ppc__` will be detected to set up the correct settings for that architecture.

Let us know if there are questions.

Thanks,
Eric - wolfSSL Support

Hello James,

Thanks for joining the wolfSSL Forums. wolfSSL does not currently support ECC571. I can help you open an official feature request. Please email support@wolfssl.com to get the process started.

Kind regards,
Eric - wolfSSL Support

Hi bp787

Are you trying to do a bi-directional shutdown?

Does the server respond with anything after the first shutdown? Do you have a pcap of the interaction?

Thanks,
Eric - wolfSSL Support

Hello Jens,

Thanks for joining the wolfSSL Forums.

Yes, we implemented Karatsuba in 2022:
https://github.com/wolfSSL/wolfssl/pull/4853
You'll see some comparison benchmarks in the comments of that PR

Have you checked out our wolfBoot project?
https://github.com/wolfSSL/wolfBoot
https://github.com/wolfSSL/wolfBoot/blo … md#stm32h7

Feel free to email us at support@wolfssl.com with any questions.

Kind regards,
Eric - wolfSSL Support

Hi Nicolas,

Welcome to the forums!

My colleague is going to review and provide a response for you.

Thanks,
Eric - wolfSSL Support

I just meant that maybe you could setup a reproducer using the certs you are trying

The keygen component is present in source, but there is not a separate utility (yet)
https://github.com/wolfSSL/wolfssh/blob … c/keygen.c

It looks like the listenAddress option is not fully supported yet.

Thanks for sharing the log inline....

From the log, the peer sent a "decrypt error" alert:

received record layer msg
got ALERT!
Alert type: decrypt_error
wolfSSL error occurred, error = 51 line:20389 file:src/internal.c
wolfSSL error occurred, error = 313 line:12991 file:src/ssl.c

So the peer was not able to decode the message and quit the handshake.

Can you provide more info about the server?

Hi bp787

Thanks for joining the wolfSSL forums. I'm glad to hear that you were able to resolve the build issues.

> However, i'm still SUPER unclear if this is the correct way to go about it or if there's a better/cleaner route

I would say use the client-tls-pkcs12 example as a base and change it to DTLS. Then you should be able to test connecting to the wolfSSL example server, using the -u option to specify DTLS.

Could you tell us more about your project using wolfSSL? Feel free to email support@wolfssl.com for a more private discussion.

Thanks,
Eric - wolfSSL Support

Hi parmstrong3

Thanks for joining the wolfSSL forums. I am requesting our ESP32 expert to chime in here.

Could you tell us a bit about your project? Feel free to email support@wolfssl.com if you'd prefer a less public venue.

Thanks,
Eric - wolfSSL Support

Where you put the define depends on how you are building the library. If you are using the --enable-usersettings option, than add this to user_settings.h
#define RSA_MIN_SIZE 2048

Else you can add it on the configure line with:
./configure CFLAGS="-DRSA_MIN_SIZE=2048"

Yes you will need to rebuild the library.

Hello bohuynh315

Welcome to the wolfSSL Forums. Can you tell us a bit about what you are working on and the high-level overview of the project to help us better classify this inquiry? Thank you in advance!

You can use the wolfSSL_get_ciphers API to get a list of the currently available ciphers. Here is an example:
https://github.com/wolfSSL/wolfssl/blob … #L267-L274

Thanks,
Eric - wolfSSL Support