Thanks for responding. Yes, I have done the steps mentioned above. Here are my settings:

    int min_version = TLS1_3_VERSION, max_version = TLS1_3_VERSION;

    meth = isClient ? tlsv1_3_client_method() : tlsv1_3_server_method();
    //meth = isClient ? TLS_client_method() : TLS_server_method();

    ///////////////////////////////////////////////////////////
    // Create new SSL context using the chosen SSL_METHOD
    ctx = SSL_CTX_new(meth);
    if (ctx == NULL) {
        // throw error
    }
    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) {
        // throw error
    }
    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) {
        // throw error
    }

    // Configure SSL to use the cipher suite specified
    // TLS1_3_TXT_AES_128_GCM_SHA256
    // ./include/openssl/tls1.h:# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
    int set_cipher;
    if (! (set_cipher = SSL_CTX_set_cipher_list(ctx, cipherSuite.c_str())) ) {
        throw (InvalidTestConfiguration("OpenSslApi::OpenSslInitContext", "Failed to set ciphers"));
    }

The set_min_proto/set_max_proto calls succeed.

If I want the AES_128_GCM_SHA256 cipher for TLS 1.3 to be used, are these the steps to follow? Should I instead also select AES128-GCM-SHA256, a TLS 1.2 cipher, in the list, and set min_proto to TLS 1.2 and max_proto to 1.3?

I need to avoid hitting the default case below:

    static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
    {
        OSSL_STATEM *st = &s->statem;

        /*
         * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
         * TLSv1.3 yet at that point. They are handled by
         * ossl_statem_client_write_transition().
         */
        switch (st->hand_state) {
        default:

On Mon, Sep 18, 2017 at 5:40 AM, Benjamin Kaduk <bka...@akamai.com> wrote:
> On 09/18/2017 01:07 AM, Mahesh Bhoothapuri wrote:
> > Hi,
> >
> > I am sending a Tls 1.3 client hello, and am seeing an issue with
> > ossl_statem_client_write_transition in statem_clnt.c.
> >
> >     /*
> >      * Note that immediately before/after a ClientHello we don't know what
> >      * version we are going to negotiate yet, so we don't take this branch until
> >      * later
> >      */
> >
> >     /*
> >      * ossl_statem_client_write_transition() works out what handshake state to
> >      * move to next when the client is writing messages to be sent to the server.
> >      */
> >     WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
> >     {
> >         if (SSL_IS_TLS13(s))
> >             return ossl_statem_client13_write_transition(s);
> >     }
> >
> > And in:
> >
> >     static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
> >     {
> >         OSSL_STATEM *st = &s->statem;
> >
> >         /*
> >          * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
> >          * TLSv1.3 yet at that point. They are handled by
> >          * ossl_statem_client_write_transition().
> >          */
> >
> >         switch (st->hand_state) {
> >         default:
> >             /* Shouldn't happen */
> >             return WRITE_TRAN_ERROR;
> >         }
> >     }
> >
> > With a TLS 1.3 client hello, using tls 1.3 version, the st->hand_state is
> > TLS_ST_BEFORE and so, the default error is returned.
>
> Sorry, I just want to clarify what you are doing -- are you taking
> SSL_CTX_new(TLS_method()) and then calling SSL_CTX_set_min_proto_version(ctx,
> TLS1_3_VERSION) and SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)?
>
> I note that there is no version-specific TLSv1_3_method() available, and
> in any case, it's of questionable wisdom to attempt to force TLS 1.3 only
> while the specification is still in draft status -- in any case where the
> client and server implementations are not tightly controlled, negotiation
> failures seem quite likely.
>
> > When I added:
> >
> >     case TLS_ST_BEFORE:
> >         st->hand_state = TLS_ST_CW_CLNT_HELLO;
> >         return WRITE_TRAN_CONTINUE;
>
> The reason there is not currently a case for TLS_ST_BEFORE is that whether
> or not we're going to be using TLS 1.3 is supposed to be determined on the
> server as part of version negotiation, so when we're sending a ClientHello,
> our version is in an indeterminate status -- the general-purpose TLS method
> must be used at that part of the handshake.
>
> > The client hello gets sent out, but I only saw a TLS 1.2 version being
> > sent.
> > Is this a bug?
>
> The legacy_version field in a TLS 1.3 ClientHello will be 0x0303, matching
> the historical value for TLS 1.2. The actual list of versions are conveyed
> in a "supported_versions" extension, which is what you need to be looking
> at.
>
> -Ben
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
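Ben's answer above turns on one detail: the legacy_version field of a TLS 1.3 ClientHello is always 0x0303, so reading that field tells you nothing about whether TLS 1.3 was offered; only the supported_versions extension (type 43) does. The following is an added example written for this thread, not code from the thread or from OpenSSL: a small bounds-checked parser that pulls both fields out of a ClientHello handshake message so you can check what a client actually offers. The byte array is a constructed minimal ClientHello, not a capture; the names `SAMPLE_HELLO`, `hello_info`, `parse_client_hello` and `offers_tls13` are this example's own. To use it on real traffic, feed it the handshake message bytes with the 5-byte TLS record header already stripped.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_VERSIONS 8

/* What we learn from one ClientHello handshake message. */
struct hello_info {
    uint16_t legacy_version;          /* the field that reads as "TLS 1.2" */
    int      has_supported_versions;  /* extension type 43 present? */
    uint16_t versions[MAX_VERSIONS];  /* versions actually offered, in order */
    size_t   n_versions;
};

/* Constructed sample, not a capture: a minimal ClientHello that offers
 * supported_versions = {TLS 1.3, TLS 1.2} and one TLS 1.3 cipher suite. */
const uint8_t SAMPLE_HELLO[] = {
    0x01, 0x00, 0x00, 0x34,                         /* client_hello, body length 52 */
    0x03, 0x03,                                     /* legacy_version = 0x0303 */
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, /* random: 32 bytes of filler */
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x00,                                           /* legacy_session_id: empty */
    0x00, 0x02, 0x13, 0x01,                         /* cipher_suites: TLS_AES_128_GCM_SHA256 */
    0x01, 0x00,                                     /* legacy_compression_methods: null */
    0x00, 0x09,                                     /* extensions length */
    0x00, 0x2b, 0x00, 0x05,                         /* supported_versions (43), length 5 */
    0x04, 0x03, 0x04, 0x03, 0x03                    /* list: 0x0304 (1.3), 0x0303 (1.2) */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse a ClientHello handshake message (record header already removed).
 * Every read is bounds-checked; returns 0 on success, -1 on malformed input. */
int parse_client_hello(const uint8_t *buf, size_t len, struct hello_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 4 || buf[0] != 0x01)
        return -1;
    size_t body = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
    if (body != len - 4)
        return -1;
    size_t off = 4;
    if (off + 2 + 32 + 1 > len)        /* version + random + session id length */
        return -1;
    out->legacy_version = rd16(buf + off);
    off += 2 + 32;
    size_t sid_len = buf[off++];
    if (off + sid_len + 2 > len)
        return -1;
    off += sid_len;
    size_t cs_len = rd16(buf + off);
    off += 2;
    if (cs_len % 2 != 0 || off + cs_len + 1 > len)
        return -1;
    off += cs_len;
    size_t comp_len = buf[off++];
    if (off + comp_len > len)
        return -1;
    off += comp_len;
    if (off == len)                    /* no extensions: legal for older hellos */
        return 0;
    if (off + 2 > len)
        return -1;
    size_t ext_total = rd16(buf + off);
    off += 2;
    if (off + ext_total != len)
        return -1;
    while (off + 4 <= len) {
        uint16_t type = rd16(buf + off);
        size_t elen = rd16(buf + off + 2);
        off += 4;
        if (off + elen > len)
            return -1;
        if (type == 43) {              /* supported_versions: 1-byte list length in a ClientHello */
            size_t vlen = elen ? buf[off] : 1;
            if (elen < 1 || vlen % 2 != 0 || 1 + vlen != elen)
                return -1;
            out->has_supported_versions = 1;
            for (size_t i = 0; i < vlen && out->n_versions < MAX_VERSIONS; i += 2)
                out->versions[out->n_versions++] = rd16(buf + off + 1 + i);
        }
        off += elen;
    }
    return off == len ? 0 : -1;
}

/* 1 if the hello offers TLS 1.3 (0x0304) via supported_versions, else 0. */
int offers_tls13(const struct hello_info *h)
{
    for (size_t i = 0; i < h->n_versions; i++)
        if (h->versions[i] == 0x0304)
            return 1;
    return 0;
}

int main(void)
{
    struct hello_info h;
    if (parse_client_hello(SAMPLE_HELLO, sizeof SAMPLE_HELLO, &h) != 0) {
        puts("malformed ClientHello");
        return 1;
    }
    printf("legacy_version: 0x%04x\nsupported_versions:", h.legacy_version);
    for (size_t i = 0; i < h.n_versions; i++)
        printf(" 0x%04x", h.versions[i]);
    printf("\noffers TLS 1.3: %s\n", offers_tls13(&h) ? "yes" : "no");
    return 0;
}
```

On the constructed sample the parser reports legacy_version 0x0303 and a supported_versions list of 0x0304 then 0x0303, which is exactly the "looks like TLS 1.2 on the wire but offers TLS 1.3" situation described in the thread. A hello with no supported_versions extension parses cleanly with `n_versions` 0, and a truncated or length-inconsistent message is rejected rather than read past its end.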