Tested TLS 1.3 cipher suite with gRPC C++ version 1.46.3, but it is still not working. Will TLS 1.3 support be added to the C++ layer soon?
Thanks, Eddie. On Wednesday, December 15, 2021 at 8:38:22 PM UTC-5 Zhen Lian wrote: > Most likely that cipher suite is not supported by gRPC. If I remember > correctly, gRPC C++ currently only supports TLS 1.2. We used to plumb the > field for selecting TLS 1.3 under core, but never got a chance to expose > it to the C++ layer. So in short: you can't use > "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256" in gRPC right now... > > On Friday, December 10, 2021 at 2:15:19 PM UTC-8 mare...@gmail.com wrote: > >> Hello, >> >> I'm trying to force grpc (C++) to use only TLS 1.3 ciphers via the >> environment variable: >> >> export >> GRPC_SSL_CIPHER_SUITES=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 >> >> However, when I try to run the grpc server it errors out: >> >> E1210 14:02:58.379895519 2232804 ssl_transport_security.cc:828] Invalid >> cipher list: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256. >> E1210 14:02:58.379963852 2232804 ssl_security_connector.cc:268] >> Handshaker factory creation failed with TSI_INVALID_ARGUMENT. >> E1210 14:02:58.380010816 2232804 server_secure_chttp2.cc:124] >> {"created":"@1639173778.379988900","description":"Unable to create secure >> server with credentials of type >> Ssl","file":"_deps/grpc-src/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":104} >> >> Is there anything specific I need to set when generating my TLS >> certificates? >> > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/2679d72e-92e8-4146-a51d-74fb261a5ea3n%40googlegroups.com.