Ok, here it is. It compiled mostly ok (some fixes for solaris 2.6, like inttypes.h instead of stdint). The test suite fails (dubious error).
*Tls 1.2 works* just fine (*openssl s_client -connect google.com:443 <http://google.com:443> -tls1_2 -trace*) but *Tls 1.3 fails* starting when the *ApplicationData *record is received. I added some log to know what it does. It uses cipher *AES_256_GCM_SHA384*. It fails in *EVP_DecryptFinal_ex*, as you can see, the 16 bytes don't match. I compiled OpenSSL with the exact same flags on ubuntu, and it doesn't have the issue on this os. crypto/evp/evp_enc.c:590 cipher nid 901 crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3 crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0 crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b crypto/modes/gcm128.c:1912 after xor: crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053 crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984 crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp len=16 f8^2c 09^7e 2c^a9 29^77 90^80 23^c4 00^72 53^98 41^3b 53^e0 79^0a c4^08 3d^5e e6^89 49^c9 84^f9 crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp crypto/modes/gcm128.c:1932 ret = 255 Here is the full log (sorry) : bash-3.2# ./openssl s_client -connect google.com:443 -tls1_3 -trace ssl/ssl_lib.c:823 ssl/ssl_lib.c:825 ssl/ssl_lib.c:653 CONNECTED(00000005) ssl/ssl_lib.c:653 ssl/record/rec_layer_s3.c:1056 ssl/record/rec_layer_s3.c:1059 ssl/record/rec_layer_s3.c:1062 Sent Record Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) Length = 229 ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=0 s->enc_write_ctx=0x00000000 ssl/record/rec_layer_s3.c:1076 ssl/record/rec_layer_s3.c:1079 ClientHello, Length=225 client_version=0x303 (TLS 1.2) Random: gmt_unix_time=0xEC7463F6 random_bytes (len=28): 08D00001DEAC51B17E7F98F63D3BB21F3406961A6460434C4BBA5DD0 session_id (len=32): FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6 cipher_suites (len=8) {0x13, 0x02} TLS_AES_256_GCM_SHA384 {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256 {0x13, 0x01} TLS_AES_128_GCM_SHA256 {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression_methods (len=1) No Compression (0x00) extensions, length = 144 extension_type=server_name(0), length=15 0000 - 00 0d 00 00 0a 67 6f 6f-67 6c 65 2e 63 6f 6d ..... google.com extension_type=ec_point_formats(11), length=4 uncompressed (0) ansiX962_compressed_prime (1) ansiX962_compressed_char2 (2) extension_type=supported_groups(10), length=12 ecdh_x25519 (29) secp256r1 (P-256) (23) ecdh_x448 (30) secp521r1 (P-521) (25) secp384r1 (P-384) (24) extension_type=session_ticket(35), length=0 extension_type=encrypt_then_mac(22), length=0 extension_type=extended_master_secret(23), length=0 extension_type=signature_algorithms(13), length=30 ecdsa_secp256r1_sha256 (0x0403) ecdsa_secp384r1_sha384 (0x0503) ecdsa_secp521r1_sha512 (0x0603) ed25519 (0x0807) ed448 (0x0808) rsa_pss_pss_sha256 (0x0809) rsa_pss_pss_sha384 (0x080a) rsa_pss_pss_sha512 (0x080b) rsa_pss_rsae_sha256 (0x0804) rsa_pss_rsae_sha384 (0x0805) rsa_pss_rsae_sha512 (0x0806) rsa_pkcs1_sha256 (0x0401) rsa_pkcs1_sha384 (0x0501) rsa_pkcs1_sha512 (0x0601) extension_type=supported_versions(43), length=3 TLS 1.3 (772) extension_type=psk_key_exchange_modes(45), length=2 psk_dhe_ke (1) extension_type=key_share(51), length=38 NamedGroup: ecdh_x25519 (29) key_exchange: (len=32): ED28A72CB2111BBB8BB7716D0FB83A4748C884BB462A83D6E1AB156FE0712E3F ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record ssl/record/ssl3_record.c:197 ssl3_get_record called Received Record Header: Version = TLS 1.2 (0x303) Content Type = Handshake (22) Length = 122 ssl/record/ssl3_record.c:465 ssl/record/ssl3_record.c:497 ssl/record/ssl3_record.c:531 ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x10000 ssl/record/ssl3_record.c:537 enc_err=1 ssl/record/ssl3_record.c:575 ssl/record/ssl3_record.c:586 ssl/record/ssl3_record.c:655 ssl/record/ssl3_record.c:701 ssl/record/ssl3_record.c:705 ssl/record/ssl3_record.c:721 ssl/record/ssl3_record.c:762 ssl/record/ssl3_record.c:813 ssl/record/ssl3_record.c:827 ssl/record/rec_layer_s3.c:1312 ssl/record/rec_layer_s3.c:1318 ssl/record/rec_layer_s3.c:1320 ssl/record/rec_layer_s3.c:1329 ssl/record/rec_layer_s3.c:1335 ssl/record/rec_layer_s3.c:1341 ssl/record/rec_layer_s3.c:1345 ssl/record/rec_layer_s3.c:1354 ssl/record/rec_layer_s3.c:1360 ssl/record/rec_layer_s3.c:1367 ssl/record/rec_layer_s3.c:1381 ssl/record/rec_layer_s3.c:1389 ssl/record/rec_layer_s3.c:1403 ssl/record/rec_layer_s3.c:1412 ssl/record/rec_layer_s3.c:1422 ssl/record/rec_layer_s3.c:1425 ssl/record/rec_layer_s3.c:1429 ssl/record/rec_layer_s3.c:1443 ssl/record/rec_layer_s3.c:1472 ssl/record/rec_layer_s3.c:1475 ssl/record/rec_layer_s3.c:1481 ssl/record/rec_layer_s3.c:1487 ssl/record/rec_layer_s3.c:1335 ssl/record/rec_layer_s3.c:1341 ssl/record/rec_layer_s3.c:1345 ssl/record/rec_layer_s3.c:1354 ssl/record/rec_layer_s3.c:1360 ssl/record/rec_layer_s3.c:1367 ssl/record/rec_layer_s3.c:1381 ssl/record/rec_layer_s3.c:1389 ssl/record/rec_layer_s3.c:1403 ssl/record/rec_layer_s3.c:1412 ssl/record/rec_layer_s3.c:1422 ssl/record/rec_layer_s3.c:1429 ssl/record/rec_layer_s3.c:1443 ssl/record/rec_layer_s3.c:1472 ssl/record/rec_layer_s3.c:1475 ssl/record/rec_layer_s3.c:1481 ssl/record/rec_layer_s3.c:1487 ServerHello, Length=118 server_version=0x303 (TLS 1.2) Random: gmt_unix_time=0x7F9CA9DE random_bytes (len=28): D6F6EFA5BCBB089010FA1573D92A29ACBFCE84FFE68B6D0736976BE5 session_id (len=32): FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6 cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384 compression_method: No Compression (0x00) extensions, length = 46 extension_type=key_share(51), length=36 NamedGroup: ecdh_x25519 (29) key_exchange: (len=32): AB9BEF12592BBE53425F317364F34CDB0076B9B3669B0B3C58BECA5A30F62534 extension_type=supported_versions(43), length=2 TLS 1.3 (772) ssl/statem/statem_lib.c:2004 vent version 0x0304 ssl/record/rec_layer_s3.c:1335 ssl/record/rec_layer_s3.c:1341 ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record ssl/record/ssl3_record.c:197 ssl3_get_record called Received Record Header: Version = TLS 1.2 (0x303) Content Type = ChangeCipherSpec (20) Length = 1 ssl/record/ssl3_record.c:465 ssl/record/ssl3_record.c:493 ssl/record/rec_layer_s3.c:1312 ssl/record/rec_layer_s3.c:1318 ssl/record/rec_layer_s3.c:1320 ssl/record/rec_layer_s3.c:1329 ssl/record/rec_layer_s3.c:1335 ssl/record/rec_layer_s3.c:1341 ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record ssl/record/ssl3_record.c:197 ssl3_get_record called Received Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) Length = 4658 ssl/record/ssl3_record.c:465 ssl/record/ssl3_record.c:497 ssl/record/ssl3_record.c:531 ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x0304 ssl/record/ssl3_record_tls13.c:37 ssl/record/ssl3_record_tls13.c:48 crypto/evp/e_aes.c:3195 aes_gcm_cipher crypto/evp/e_aes.c:3203 aes_gcm_cipher crypto/evp/e_aes.c:3210 aes_gcm_cipher crypto/evp/e_aes.c:3216 aes_gcm_cipher crypto/evp/e_aes.c:3221 aes_gcm_cipher crypto/evp/e_aes.c:3347 aes_gcm_cipher crypto/evp/e_aes.c:3195 aes_gcm_cipher crypto/evp/e_aes.c:3203 aes_gcm_cipher crypto/evp/e_aes.c:3210 aes_gcm_cipher crypto/evp/e_aes.c:3216 aes_gcm_cipher crypto/evp/e_aes.c:3290 aes_gcm_cipher crypto/evp/e_aes.c:3320 aes_gcm_cipher crypto/evp/e_aes.c:3336 aes_gcm_cipher crypto/evp/e_aes.c:3343 aes_gcm_cipher crypto/evp/e_aes.c:3345 aes_gcm_cipher crypto/evp/e_aes.c:3347 aes_gcm_cipher crypto/evp/evp_enc.c:228 crypto/evp/evp_enc.c:576 crypto/evp/evp_enc.c:587 crypto/evp/evp_enc.c:590 cipher nid 901 crypto/evp/e_aes.c:3195 aes_gcm_cipher crypto/evp/e_aes.c:3203 aes_gcm_cipher crypto/evp/e_aes.c:3210 aes_gcm_cipher crypto/evp/e_aes.c:3216 aes_gcm_cipher crypto/evp/e_aes.c:3350 aes_gcm_cipher crypto/evp/e_aes.c:3352 aes_gcm_cipher crypto/evp/e_aes.c:3358 aes_gcm_cipher crypto/modes/gcm128.c:1838 crypto/modes/gcm128.c:1843 crypto/modes/gcm128.c:1887 crypto/modes/gcm128.c:1890 crypto/modes/gcm128.c:1896 crypto/modes/gcm128.c:1905 crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3 crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0 crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b crypto/modes/gcm128.c:1912 after xor: crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053 crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984 crypto/modes/gcm128.c:1916 crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp len=16 f8^2c 09^7e 2c^a9 29^77 90^80 23^c4 00^72 53^98 41^3b 53^e0 79^0a c4^08 3d^5e e6^89 49^c9 84^f9 crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp crypto/modes/gcm128.c:1932 ret = 255 crypto/evp/e_aes.c:3361 aes_gcm_cipher crypto/evp/evp_enc.c:592 ssl/record/ssl3_record_tls13.c:202 ssl/record/ssl3_record.c:537 enc_err=-1 ssl/record/ssl3_record.c:575 ssl/record/ssl3_record.c:586 ssl/record/ssl3_record.c:655 ssl/record/ssl3_record.c:661 ssl/record/ssl3_record.c:696 ssl/record/ssl3_record_tls13.c:37 ssl/record/ssl3_record_tls13.c:48 ssl/record/rec_layer_s3.c:1056 ssl/record/rec_layer_s3.c:1059 ssl/record/rec_layer_s3.c:1062 Sent Record Header: Version = TLS 1.2 (0x303) Content Type = Alert (21) Length = 2 ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=1 s->enc_write_ctx=0x00000000 ssl/record/rec_layer_s3.c:1076 ssl/record/rec_layer_s3.c:1079 Level=fatal(2), description=bad record mac(20) ssl/record/rec_layer_s3.c:1312 ssl/record/rec_layer_s3.c:1315 0:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:698: --- no peer certificate available --- No client certificate CA names sent Server Temp Key: X25519, 253 bits --- SSL handshake has read 4796 bytes and written 241 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) - Le mar. 29 juin 2021 à 18:06, Jan Just Keijser <janj...@nikhef.nl> a écrit : > On 29/06/21 11:58, david raingeard wrote: > > Hello, > > > > Technically, why prevents openssl 1.1.1g from compiling correctly on some > > operating systems like Solaris 2.6, CentOS 7.8,... ? > > > > > you will have to provide more details - openssl 1.1.1g compiles just > fine on CentOS 7 (7.9 in my case). > > Can't talk about Solaris 2.6 , other than that it has been out of > support since July 2006. > > HTH, > > JJK > >