You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by bsda_dev
Pages 1
Thanks. Looks like that's working for me.
I have an application that includes an embedded webserver and want it to periodically check another server for updated data by runnning as a client. I integrated a version of the wolfSSL client example (which works fine as a stand-alone application) with my server and created CTX and SSL objects dedicated to client operations. When I run it the application the server, which is set up first, works fine but when I run the client I get this:
wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
Connected to 192.168.1.76
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -344
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -344
wolfSSL Entering ERR_error_string
TLS Connect Error: wrong client/server type
SSL version is wolfSSL Entering wolfSSL_get_version
TLSv1.3
wolfSSL Entering wolfSSL_get_cipher
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering wolfSSL_CIPHER_get_name
SSL cipher suite is NONE
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_accept_TLSv13()
ProcessReply retry in error state, not allowed
wolfSSL error occurred, error = -344
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving SSL_write(), return -1
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -344
wolfSSL Entering ERR_error_string
TLS Write Error: wrong client/server type
wolfSSL Entering SSL_shutdown()
growing output buffer
wolfSSL error occurred, error = -308
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking output buffer
Is this not a supported mode of operation?
I generated a new test cert today with OpenSSL to compare performance using a secp384r1 key to that I've observed using prime256v1. I uncommented HAVE_ECC384 in user_settings.h, made a build and wolfSSL_CTX_use_certificate_buffer() and wolfSSL_CTX_use_PrivateKey_buffer() happily consumed both the cert and key.
But when I tried to establish a browser connection using both Chrome and Opera (latest versions of each) they reported an unspecified protocol error.
Before I invest time investigating this, do you know if this doesn't work because the secp384r1 curve isn't supported by these browsers?
I made a build today using the latest wolfSSL source from https://github.com/wolfSSL/wolfssl/tree … crypt/src, defined WOLFSSL_TLS13 in user_settings.h and use
method = wolfTLSv1_3_server_method(); when I initialize the wolfSSL library. But when I test with the latest version of Chrome it still uses TLS1.2 (though it is 6% slower, presumably because it's trying to use TLS1.3 and failing). In Chrome Developer Tools I see the following under "Security":
The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_ECDSA with P-256, and AES_128_GCM.
Wireshark capture confirms that TLS1.2 is being used.
What more must I do to force the use of TLS1.3?
Pages 1
wolfSSL - Embedded SSL Library → Posts by bsda_dev
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.016 seconds (96% PHP - 4% DB) with 4 queries