WolfSSL esp_tls TLS1.3 configuration issue (IDFGH-6683) #8313

Closed
klassen9 opened this issue Jan 28, 2022 · 2 comments
Labels
Resolution: Done Issue is done internally Status: Done Issue is done internally

Comments

@klassen9
Contributor

This can cause problems when trying to run WolfSSL in TLS1.3 only mode.

tls->priv_ctx = (void *)wolfSSL_CTX_new(wolfTLSv1_2_client_method());

tls->priv_ctx = (void *)wolfSSL_CTX_new(wolfTLSv1_2_server_method());

@espressif-bot espressif-bot added the Status: Opened Issue is new label Jan 28, 2022
@github-actions github-actions bot changed the title WolfSSL esp_tls TLS1.3 configuration issue WolfSSL esp_tls TLS1.3 configuration issue (IDFGH-6683) Jan 28, 2022
@AdityaHPatwardhan
Collaborator

Hi @klassen9, thanks for the issue.
I think using the wolfSSL23_client_method(); would be appropriate here, as the API is able to downgrade to the appropriate version which has been selected by menuconfig.
I will make the change in the IDF.

@klassen9
Contributor Author

Isn't the wolfSSL23_client_method() function used for SSLv2 and SSLv3? I think that function is outdated because SSLv2 and SSLv3 are deprecated.

My proposed change is to add a compiler switch, checking if WOLFSSL_TLS13 is defined. If not, the wolfTLSv1_2_xy_method() is called.

@espressif-bot espressif-bot added Status: In Progress Work is in progress Resolution: NA Issue resolution is unavailable Status: Done Issue is done internally Resolution: Done Issue is done internally and removed Status: Opened Issue is new Status: In Progress Work is in progress Resolution: NA Issue resolution is unavailable labels Mar 3, 2022
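
Added example, not code from ESP-IDF or wolfSSL: a small C model of the version negotiation discussed in this thread, comparing a context pinned to one TLS version with a version-flexible one that has a TLS 1.2 floor. The enum, struct and function names are hypothetical, the peer policies are constructed, and the range-overlap rule is a simplification of the real handshake.

```c
#include <stdio.h>

/* Protocol versions, ordered so that a larger value is a newer protocol. */
enum proto { NO_PROTO = -1, SSL3, TLS1_0, TLS1_1, TLS1_2, TLS1_3 };

/* Inclusive range of versions an endpoint is willing to speak. */
struct range { enum proto min, max; };

/* Model of a pinned method (wolfTLSv1_2_*_method style): one version only. */
struct range pinned(enum proto v)
{
    struct range r = { v, v };
    return r;
}

/* Model of a version-flexible method: offers the newest version built into
 * the library and accepts a downgrade no lower than `floor`. */
struct range flexible(enum proto floor, enum proto newest_built)
{
    struct range r = { floor, newest_built };
    return r;
}

/* Highest version inside both ranges, or NO_PROTO when they do not overlap
 * (the handshake would fail with a protocol-version error). */
enum proto negotiate(struct range a, struct range b)
{
    enum proto hi = a.max < b.max ? a.max : b.max;
    enum proto lo = a.min > b.min ? a.min : b.min;
    return hi >= lo ? hi : NO_PROTO;
}

static const char *name(enum proto p)
{
    static const char *n[] = { "SSLv3", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3" };
    return p == NO_PROTO ? "handshake fails" : n[p];
}

int main(void)
{
    struct range flex   = flexible(TLS1_2, TLS1_3);  /* floor at TLS 1.2 */
    struct range legacy = flexible(SSL3, TLS1_1);    /* constructed old peer */

    printf("pinned 1.2 vs 1.3-only peer: %s\n", name(negotiate(pinned(TLS1_2), pinned(TLS1_3))));
    printf("flexible   vs 1.3-only peer: %s\n", name(negotiate(flex, pinned(TLS1_3))));
    printf("flexible   vs 1.2-only peer: %s\n", name(negotiate(flex, pinned(TLS1_2))));
    printf("flexible   vs legacy peer:   %s\n", name(negotiate(flex, legacy)));
    return 0;
}
```

In the model, the pinned TLS 1.2 context is the only one that cannot reach a TLS 1.3-only peer, and the floor keeps the flexible context from negotiating anything older than TLS 1.2.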