1

(11 replies, posted in wolfSSL)

I've migrated to 5.1.1 and here is what my defines is at. I'm still getting the no cipher overlap problem with the latest. Wireshark capture of TLS1.3 attached.

#define WOLFSSL_ALT_NAMES
#define WOLFSSL_DER_LOAD
#define KEEP_OUR_CERT
#define KEEP_PEER_CERT
#define HAVE_CRL_IO
#define HAVE_IO_TIMEOUT
#define TFM_NO_ASM
#define WOLFSSL_NO_ASM
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define MICROCHIP_TCPIP
#define WOLFSSL_DTLS
#define NO_PWDBASED
#define HAVE_TLS_EXTENSIONS
#define WOLFSSL_TLS13
#define HAVE_SUPPORTED_CURVES
#define NO_ERROR_STRINGS
#define NO_OLD_TLS

/*** wolfCrypt Library Configuration ***/
#define MICROCHIP_PIC32
#define MICROCHIP_MPLAB_HARMONY
#define MICROCHIP_MPLAB_HARMONY_3
#define HAVE_MCAPI
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define NO_FILESYSTEM
#define USE_FAST_MATH
#define NO_PWDBASED
#define HAVE_MCAPI
#define WOLF_CRYPTO_CB  // provide call-back support
#define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX
// ---------- FUNCTIONAL CONFIGURATION START ----------
#define WOLFSSL_AES_SMALL_TABLES
#define NO_MD4
#define WOLFSSL_SHA224
#define WOLFSSL_SHA384
#define NO_SHA512
#define WOLFSSL_AES_128
#define WOLFSSL_AES_192
#define WOLFSSL_AES_256
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_DECRYPT
#define HAVE_AES_ECB
#define HAVE_AES_CBC
#define HAVE_HKDF
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_OFB
#define HAVE_AESGCM
#define HAVE_AESCCM
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define HAVE_ECC
#define NO_DH
#define NO_DSA
#define FP_MAX_BITS 4096
#define USE_CERT_BUFFERS_2048
#define WC_RSA_PSS
#define NO_DEV_RANDOM
#define HAVE_HASHDRBG
#define WC_NO_HARDEN
#define FREERTOS
#define NO_ERROR_STRINGS
#define NO_WOLFSSL_MEMORY

2

(11 replies, posted in wolfSSL)

I finally got the wolfSSL 5.1.0 integrated into Harmony 3 and then compiling. I manually replaced the wolfSSL directory into the Harmony 3 folder set and then let Harmony generate the code using the updated library. When I finally got through all of that the remaining problems were:

internal.c hadn't updated and #include <system/sys_time_h2_adapter.h> instead of #include <system/tmr/sys_tmr.h>
ssl.h didn't have the correct path to compat_types.h
hmac.h didn't have include for types.h
settings.h hadn't updated correctly
wc_port.h hadn't updated correctly.

After figuring those out I was able to get it to compile with 5.1.0

Using TLS 1.2 get the following wireshark when I use a browser. wget hangs like it did before.

TLS 1.3 continues to have the same SSL_ERROR_NO_CYPHER_OVERLAP with FF. Wireshark looks the same.

3

(11 replies, posted in wolfSSL)

TLS 1.2 wireshark capture

4

(11 replies, posted in wolfSSL)

Hi Kareem,

I've added the two lines in my TLSv1.2 and TLS1.3 builds and getting the same behavior on both. Since I would prefer to be on 1.3 here is the wireshark capture using that. I'll add a 2nd reply with the one for 1.2 since I don't seem to be able to add two files.

5

(11 replies, posted in wolfSSL)

I would have to make substantial changes for the stand-alone to work on my hardware so that's not really an option.

I went back and started over adding one tiny piece at a time. I got up through the http net server working when using unencrypted http. With that working the http events were as follows:

[12/29/21 14:46:54] HTTP Net Client Open: 2, info: (null)
[12/29/21 14:46:54] HTTP Net File Serve: 7, info: dumb_page. html
[12/29/21 14:46:54] HTTP Net File Close: 8, info: dumb_page. html
[12/29/21 14:48:52] HTTP Net Client Close: 6, info: (null)

The page worked on a variety of browsers and through wget.

When I enable support encryption and server encryption in the Presentation Layer it stops working. The default encryption is TLS1.2 instead of 1.3, but if it worked I could live with it. With a browser I get the certificate warning and I can view the wolfSSL certificate, but it never serves the webpage.

wget tries to make a single connection and gets stuck at:

Connecting to 192.168.1.164:443... connected.

Only the HTTP Net Client Close event shows up when I stop the stuck connection. I've attached the wireshark for a wget connection.

6

(11 replies, posted in wolfSSL)

Hi Eric,

I'm trying to add a HTTPNET server to an existing product which already has FTP server and UDP sockets in use for it's other functions. This means I'm trying to use the sample projects to correctly add all of this into a more complicated project.

I'm not getting any successful connections on the server. When I try wget I get the following results.

$ wget https://192.168.1.98
--2021-12-09 15:13:02--  https://192.168.1.98/
Connecting to 192.168.1.98:443... connected.
OpenSSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Unable to establish SSL connection.

FFox is giving this: SSL_ERROR_NO_CYPHER_OVERLAP

I have found and tried some forum comments related to adding the curve 25519 in various configurations but it hasn't helped. I'm kinda leaning on Harmony for this since web and encryption are outside of my experience.

wolfSSL v4.7.0
FreeRTOS 10.3.1

I'm adding a web server to an embedded product which uses the Microchip PIC32 processor. This is my first project with an embedded web server and the associated TLS. Using Microchips Harmony 3 I added the server and encryption and got it compiling and not crashing when making a browser request to the web server after increasing the heap size.

The problem is that whatever I do now I keep getting a Handshake Failure (40) when trying to connect to the server. I've attached a screenshot of the wireshark capture and the wolfSSL config. Any pointers would be greatly appreciated.

#define TCPIP_HTTP_NET_MALLOC_FUNC                  pvPortMalloc
#define TCPIP_HTTP_NET_FREE_FUNC                    vPortFree

#define WOLFSSL_ALT_NAMES
#define WOLFSSL_DER_LOAD
#define KEEP_OUR_CERT
#define KEEP_PEER_CERT
#define HAVE_CRL_IO
#define HAVE_IO_TIMEOUT
#define TFM_NO_ASM
#define WOLFSSL_NO_ASM
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define MICROCHIP_TCPIP
#define HAVE_FFDHE_2048
#define WOLFSSL_DTLS
#define NO_PWDBASED
#define HAVE_TLS_EXTENSIONS
#define WOLFSSL_TLS13
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_POST_HANDSHAKE_AUTH
#define NO_ERROR_STRINGS
#define NO_OLD_TLS
#define HAVE_HKDF



/*** wolfCrypt Library Configuration ***/
#define MICROCHIP_PIC32
#define MICROCHIP_MPLAB_HARMONY
#define MICROCHIP_MPLAB_HARMONY_3
#define HAVE_MCAPI
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define NO_FILESYSTEM
#define USE_FAST_MATH
#define NO_PWDBASED
#define HAVE_MCAPI
#define WOLF_CRYPTO_CB  // provide call-back support
#define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX
// ---------- FUNCTIONAL CONFIGURATION START ----------
#define NO_MD4
#define WOLFSSL_SHA224
#define WOLFSSL_AES_128
#define WOLFSSL_AES_192
#define WOLFSSL_AES_256
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_DECRYPT
#define HAVE_AES_ECB
#define HAVE_AES_CBC
#define WOLFSSL_AES_COUNTER
#define HAVE_AESGCM
#define HAVE_AESCCM
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define HAVE_ECC
#define HAVE_X963_KDF
#define HAVE_DH
#define FP_MAX_BITS 4096
#define USE_CERT_BUFFERS_2048
#define WC_RSA_PSS
#define NO_DEV_RANDOM
#define HAVE_HASHDRBG
#define WC_NO_HARDEN
#define FREERTOS
#define NO_ERROR_STRINGS
#define NO_WOLFSSL_MEMORY