Hi All,
I feel that some TLS 1.3 configuration APIs in OpenSSL 1.1.1 are uncomfortable to use.
1) Configuring cipher suites: There is a new API for configuring TLS 1.3 cipher suites, which is SSL_set_ciphersuites(). But calling only SSL_set_ciphersuites() does not work. One needs to call the old API SSL_set_cipher_list() first and then SSL_set_ciphersuites().
2) Configuring supported groups and temp ECDHE: Configuring temp ECDHE using SSL_set_tmp_ECDH() configures the corresponding curve ID as the supported groups. So calling SSL_set1_groups() first and then calling SSL_set_tmp_ECDH() resets the groups configured using SSL_set1_groups().
I feel the configuration APIs introduced in TLS 1.3 are a little confusing, and they should be used in a certain order to achieve the required configuration.
Can someone try to clarify these API behaviours for me, or is my understanding of how to use these APIs incorrect?
Regards,
R Ashok