You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by oleksandr.tymoshenko
Pages 1
Hello guys!
I use this thing from Espressif.
https://github.com/espressif/esp-wolfss … sdk_v2.x.x
Everything works perfect but I can see one strange moment - when I am compiling my application the wolfSSL is compiling too. Each time it is fully recompiled. This take a lot of time. Is here anyone who know why?
Is this a normal behavior for wolfSSL or here I have bad configuration of makefiles for namely this example?
Best regards, Alex.
It is solved.
The main reason why the device failed to connect to the server is missing the wolfSSL_CTX_UseSNI call. So when I added it, my device connected to the server.
if (sniHostName)
if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
printf("UseSNI failed\n");
}
Where sniHostName is static char* sniHostName. It is the name of my server
I wish you all good luck! ))))
We added on the server missing cipher suites but that did not help.
When I try to connect using of openssl I can connect only if I use -servername option. For example:
openssl s_client -CAfile ca.pem -tls1_2 -host iot-stg.dealor.co.il -port 443 -servername iot-stg.dealor.co.il
What does mean this? How can I use this when working with library?
Regards, Alex.
I connected to www.howsmyssl.com and this server said that this is my cipher suite:
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
"TLS_RSA_WITH_AES_256_CBC_SHA256"
"TLS_RSA_WITH_AES_128_CBC_SHA256"
"TLS_RSA_WITH_AES_256_CBC_SHA"
"TLS_RSA_WITH_AES_128_CBC_SHA"
Also I got cipher suite for server
https://www.ssllabs.com/ssltest/analyze … alor.co.il
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
I can see that the server and client has common cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
But a connection is not establishing
Hi Kaleb!
Thank you for rapid an answer! ))
Those defines added but it did not help.
It is a list of defines for my wolfSSL:
#define WOLFSSL_LWIP
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define NO_INLINE
#define NO_WOLFSSL_MEMORY
#define HAVE_PK_CALLBACKS
#define WOLFSSL_KEY_GEN
#define WOLFSSL_RIPEMD
#define USE_WOLFSSL_IO
#define WOLFSSL_STATIC_RSA
#define NO_DH
#define NO_MD4
#define NO_DES3
#define NO_DSA
#define NO_RC4
#define NO_RABBIT
#define HAVE_ECC
#define WC_NO_HARDEN
#define FREERTOS
#define WOLFSSL_TYPES
#define NO_FILESYSTEM
#define WOLFSSL_ALT_CERT_CHAINS
#define WOLFSSL_ALLOW_TLSV10
#define WOLFSSL_SMALL_STACK
#define SMALL_SESSION_CACHE
// It was edded by me
#define HAVE_CURVE25519
#define DEBUG_WOLFSSL
Hi guys!
I am sorry for disturbing you but we have a problem with wolfSSL:
https://github.com/espressif/esp-wolfss … sdk_v2.x.x
I am trying to connect to the customer's server through a tls connection. I received CA file from him and I can connect to his server using, for example, openssl utility.
openssl s_client -CAfile ca.pem -tls1_2 -host iot-stg.dealor.co.il -port 443 -servername iot-stg.dealor.co.il
It is output of this command:
SSL handshake has read 3414 bytes and written 298 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 8BB90C08D0FD7639681B9DDCA96EDD6C5000FA550CC27B2E6144ABB5657C0BAE
Session-ID-ctx:
Master-Key: 2429B05412CB4451FB28A572672C94F3FF69FCBECB3BC8D54A1961CA41AD8D97E418B1CE0A15AA269B5024CADDAF1CB6
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
0000 - 2f da 6a 7e 61 31 8f d1-f7 b0 a7 58 53 94 7d e5 /.j~a1.....XS.}.
0010 - d1 84 91 26 34 f6 fe d4-68 11 5f 26 bf a8 79 0e ...&4...h._&..y.
0020 - 1b 66 0f f3 88 9c e3 1f-e1 04 ac b5 4a 65 32 68 .f..........Je2h
0030 - 33 67 31 e4 71 16 85 88-d6 39 44 ae fc 99 aa 2b 3g1.q....9D....+
0040 - a9 40 b2 2b fa fa ed ee-65 cd cd a8 f8 bd 24 08 .@.+....e.....$.
0050 - 36 49 02 96 35 e9 bb 79-5f 39 76 90 bb d1 ef 87 6I..5..y_9v.....
0060 - bc 08 6f 6c 2b 61 b1 df-4a 24 5d 86 70 22 18 b6 ..ol+a..J$].p"..
0070 - f4 5b a1 d8 d4 2f 5d 72-93 65 84 24 77 29 49 2e .[.../]r.e.$w)I.
0080 - 2f 45 0b 7b 6a b8 ef f3-b1 cc 5d 75 52 56 32 25 /E.{j.....]uRV2%
0090 - 1e aa 30 f9 43 89 f8 83-b2 7e 85 19 45 0c 19 44 ..0.C....~..E..D
00a0 - d8 51 8a 28 67 03 3b fb-dc aa dc 30 01 ba 7d d3 .Q.(g.;....0..}.
00b0 - 6c 96 21 9f 15 61 9f 50-46 39 82 cb 97 09 99 57 l.!..a.PF9.....W
00c0 - 2b 48 34 fd f2 4c 48 fb-74 1f a8 95 30 b0 43 7c +H4..LH.t...0.C|
Start Time: 1542192588
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
But I can’t connect from your demo example.
What can be wrong?
The project, its log and CA file are attached to this message.
Thank you in advance.
Regard, Alex.
Pages 1
wolfSSL - Embedded SSL Library → Posts by oleksandr.tymoshenko
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.015 seconds (96% PHP - 4% DB) with 4 queries