1

(5 replies, posted in wolfSSL)

Thanks for the update... On my Windows x64 test build, I am setting the following options in wolfcrypt/settings.h. This is for build 3.13.0. Let me know if this helps. Thanks.

#define IGNORE_KEY_EXTENSIONS
#define NO_CYASSL_SERVER
#define NO_SESSION_CACHE
#define NO_FILESYSTEM
#define NO_CERT
#define NO_MD4
#define NO_DH

#define WOLFSSL_ALLOW_NO_SUITES
#define WC_NO_HARDEN
#define WC_RSA_BLINDING

#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA

#define WOLFSSL_ALLOW_TLSV10

#define USE_WOLFSSL_MEMORY
#define XSTREAM_ALIGN
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define XGEN_ALIGN __declspec(align(WOLFSSL_GENERAL_ALIGNMENT))
#define HAVE_ALL_CURVES
#define AES_MAX_KEY_SIZE 256
#define HAVE_AES_DECRYPT
#define HAVE_AES_CBC
#define WOLFSSL_MIN_AUTH_TAG_SZ 12
#define RSA_DECODE_EXTRA
#define ECC_DECODE_EXTRA
#define WC_ASYNC_DEV_SIZE 0
#define WOLFSSL_ALERT_COUNT_MAX 5

2

(5 replies, posted in wolfSSL)

I'm having trouble getting TLS 1.2 to connect on the wolfSSL_connect function on some sites.  Sites like [digicert.com] and [godaddy.com] are fine.  Sites like [rapidssl.com] and [comodo.com] typically return a last error of -313 or -308. 

Has anyone seen this, and does anyone have a recommendation on what to build the SDK ciphers with? I have duplicated it on many platforms but am focusing on Windows x64 (Windows Server 2016 and Windows 10) for debugging purposes. I put some sample code below... Thanks.

   WOLFSSL_CTX* pCTX;
   WOLFSSL* pSSL;
   WOLFSSL_METHOD* pMethod;
   int nEC;
   int nRC;

   pMethod = wolfTLSv1_2_client_method();
   pCTX = wolfSSL_CTX_new(pMethod);
   wolfSSL_CTX_set_verify(pCTX, WOLFSSL_VERIFY_NONE, 0);

   pSSL = wolfSSL_new(pCTX);
   nRC = wolfSSL_set_fd(pSSL, hSocket);

   nRC = wolfSSL_connect(pSSL);
   nEC = wolfSSL_get_error(pSSL, nRC);

   // errors typically from target of [rapidssl.com] and [rapidssl.com] are -313 and -308

   // sites like www.digicert.com and [digicert.com] and [godaddy.com] work fine
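
Added example, not part of the original post and not wolfSSL code: wolfSSL defines -313 as FATAL_ERROR (a fatal alert was received from the peer), so decoding the alert record the server sent back, for instance from a packet capture, shows the reason it gave for refusing the handshake. The names parse_tls_alert and tls_alert_name are hypothetical helpers, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { int level; int description; } tls_alert;

/* Decode one plaintext TLS alert record (RFC 5246, section 7.2).
 * Alerts sent before encryption starts are readable this way.
 * Returns 0 and fills *out, or -1 if buf is not a well-formed alert. */
int parse_tls_alert(const uint8_t *buf, size_t len, tls_alert *out)
{
    if (!buf || !out || len < 7) return -1;        /* 5-byte header + 2-byte body */
    if (buf[0] != 21 || buf[1] != 3) return -1;    /* type 21 = alert, major version 3 */
    if (((buf[3] << 8) | buf[4]) != 2) return -1;  /* plaintext alert body is 2 bytes */
    if (buf[5] != 1 && buf[5] != 2) return -1;     /* 1 = warning, 2 = fatal */
    out->level = buf[5];
    out->description = buf[6];
    return 0;
}

/* Names for the alert descriptions most often seen when a handshake is refused. */
const char *tls_alert_name(int description)
{
    switch (description) {
    case 0:   return "close_notify";
    case 10:  return "unexpected_message";
    case 40:  return "handshake_failure";   /* e.g. no acceptable parameters */
    case 47:  return "illegal_parameter";
    case 70:  return "protocol_version";
    case 71:  return "insufficient_security";
    case 80:  return "internal_error";
    case 112: return "unrecognized_name";   /* RFC 6066, SNI related */
    default:  return "other";
    }
}

int main(void)
{
    /* Constructed sample: TLS 1.2 record carrying a fatal handshake_failure. */
    const uint8_t sample[] = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28};
    tls_alert a;
    if (parse_tls_alert(sample, sizeof sample, &a) != 0) {
        puts("not an alert record");
        return 1;
    }
    printf("%s alert %d (%s)\n", a.level == 2 ? "fatal" : "warning",
           a.description, tls_alert_name(a.description));
    return 0;
}
```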