Comments (2)
Hi @mandree,
My name is Anthony and I am a member of the wolfSSL team. Can you please let me know what configuration flags you are using?
`*alg_bits` is set if you have `OPENSSL_ALL` defined. If you use `configure`, add `--enable-opensslall`.
Can you also please let us know a bit about yourself and your project? For example, where are you located? Are you using wolfSSL in a personal, academic or professional project? Are there any institutions associated with this project? What are you trying to achieve? We love knowing about how people are using our code. Please feel free to share whatever you are comfortable with.
Warm regards, Anthony
from wolfssl.
Hi Anthony, this is a finding I've had with the open-source fetchmail project (https://www.fetchmail.info/ or https://gitlab.com/fetchmail/fetchmail on the legacy_6x branch) that I maintain and where wolfSSL might be easier to link to license-wise whilst still supporting TLS v1.3.
The most recent I'd tested is wolfSSL from said git commit (see initial report, above) with a sub-directory to build and then:

```
CONFIG_SHELL=/bin/sh /bin/sh ../configure -C --enable-context-extra-user-data --enable-debug --enable-opensslall --enable-harden --prefix=/opt/wolfssl CFLAGS='-O2 -DOPENSSL_COMPATIBLE_DEFAULTS -g'
```
I am running this with wolfSSL 5 against two sites, once forcing TLSv1.2, once forcing TLSv1.3, and get:
```
Mar 30 15:50:46 fetchmail: SSL/TLS: using protocol TLSv1.2, cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256/-9999 secret/processed bits
Mar 30 15:50:46 fetchmail: SSL/TLS: using protocol TLSv1.2, cipher TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 128/-9999 secret/processed bits
Mar 30 15:50:47 fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/-9999 secret/processed bits
Mar 30 15:50:47 fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_128_GCM_SHA256, 128/-9999 secret/processed bits
```
Compare this with an OpenSSL 3.1.1 (probably with some patches) provided for Fedora Linux:
```
fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, 256/256 secret/processed bits
fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-ECDSA-CHACHA20-POLY1305, 256/256 secret/processed bits
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
fetchmail: SSL/TLS: using protocol TLSv1.3, cipher TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
```
Example code - I already initialize the output field to -9999 here to mark it's not being dealt with - and "garbage" might be whatever we find on the stack, and I previously saw that and worked around it in fetchmail.
```c
if (outlevel >= O_VERBOSE) {
    SSL_CIPHER const *sc;
    int bitsalg = -9999, bitsused; /* initialize bitsalg to avoid picking up random garbage with WolfSSL, which does not fill this, as of 5.6.6 */
    const char *vers;

    vers = SSL_get_version(_ssl_context[sock]);
    sc = SSL_get_current_cipher(_ssl_context[sock]);
    if (!sc) {
        report (stderr, GT_("Cannot obtain current SSL/TLS cipher - no session established?\n"));
    } else {
        bitsused = SSL_CIPHER_get_bits(sc, &bitsalg);
        report(stdout, ("SSL/TLS: using protocol %s, cipher %s, %d/%d secret/processed bits\n"),
               vers, SSL_CIPHER_get_name(sc), bitsused, bitsalg);
    }
}
```
from wolfssl.
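An added example, not part of the thread and not fetchmail or wolfSSL code: one way a caller can guard against an out-parameter such as `alg_bits` being left unwritten by a TLS backend, and report it as unknown rather than printing a sentinel or stack garbage. The `get_bits_fn` callback type, the two stand-in backends, `BITS_UNSET` and `describe_bits` are hypothetical names; in real code the callback would be `SSL_CIPHER_get_bits`.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical callback with the shape of SSL_CIPHER_get_bits():
 * returns the secret bits and may store the algorithm bits in *alg_bits. */
typedef int (*get_bits_fn)(const void *cipher, int *alg_bits);

#define BITS_UNSET INT_MIN /* sentinel that no real cipher can report */

/* Constructed stand-in: a backend that fills the out-parameter. */
static int backend_fills(const void *cipher, int *alg_bits)
{
    (void)cipher;
    if (alg_bits) *alg_bits = 256;
    return 256;
}

/* Constructed stand-in: a backend that never writes the out-parameter. */
static int backend_skips(const void *cipher, int *alg_bits)
{
    (void)cipher; (void)alg_bits;
    return 128;
}

/* Calls get_bits with a sentinel-initialised out-parameter and formats
 * "secret/processed" into buf. Returns 1 if alg_bits was filled with a
 * plausible value (at least the secret bits), 0 otherwise. */
int describe_bits(get_bits_fn get_bits, const void *cipher,
                  char *buf, size_t len)
{
    int alg = BITS_UNSET;
    int used = get_bits(cipher, &alg);

    if (alg == BITS_UNSET || alg < used) {
        snprintf(buf, len, "%d/unknown", used);
        return 0;
    }
    snprintf(buf, len, "%d/%d", used, alg);
    return 1;
}

int main(void)
{
    char buf[32];
    describe_bits(backend_fills, NULL, buf, sizeof buf); puts(buf);
    describe_bits(backend_skips, NULL, buf, sizeof buf); puts(buf);
    return 0;
}
```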