Tested TLS 1.3 cipher suite with gRPC C++ version 1.46.3, but it is still
not working. Will TLS 1.3 support be added to the C++ layer soon?
Thanks,
Eddie.
On Wednesday, December 15, 2021 at 8:38:22 PM UTC-5 Zhen Lian wrote:
> Most likely that cipher suite is not supported by gRPC. If I remember
> correctly, gRPC C++ currently only supports TLS 1.2. We used to plumb the
> field for selecting TLS 1.3 under core, but never got a chance to expose
> it to the C++ layer. So in short: you can't use
> "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256" in gRPC right now...
>
> On Friday, December 10, 2021 at 2:15:19 PM UTC-8 mare...@gmail.com wrote:
>
>> Hello,
>>
>> I'm trying to force grpc (C++) to use only TLS 1.3 ciphers via the
>> environment variable:
>>
>> export
>> GRPC_SSL_CIPHER_SUITES=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
>>
>> However, when I try to run the grpc server it errors out:
>>
>> E1210 14:02:58.379895519 2232804 ssl_transport_security.cc:828] Invalid
>> cipher list: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256.
>> E1210 14:02:58.379963852 2232804 ssl_security_connector.cc:268]
>> Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
>> E1210 14:02:58.380010816 2232804 server_secure_chttp2.cc:124]
>> {"created":"@1639173778.379988900","description":"Unable to create secure
>> server with credentials of type
>> Ssl","file":"_deps/grpc-src/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":104}
>>
>> Is there anything specific I need to set when generating my TLS
>> certificates?
>>
>
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to grpc-io+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/2679d72e-92e8-4146-a51d-74fb261a5ea3n%40googlegroups.com.
