Difficulty in understanding TLS1.3 APIs in OpenSSL 1.1.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All,

I feel like some TLS 1.3 configuration APIs in OpenSSL 1.1.1 are uncomfortable in using it. 

1) Configuring Cipher Suit: There is a new API for configuring TLS1.3 cipher suite, which is SSL_set_ciphersuites(). But calling only SSL_set_ciphersuites() does not work. Need to call old API SSL_set_cipher_list() first and then   SSL_set_ciphersuites().

2) Configuring supported groups and temp ECDHE: Configuring temp ECDHE using SSL_set_tmp_ECDH() configures the corresponding curve ID as supported groups. So calling first SSL_set1_groups() and then calling SSL_set_tmp_ECDH() resets the configured groups using SSL_set1_groups().

I feel the configuration APIs introduced in TLS1.3 are little confusing and it should be used in certain order to achieve the required configuration. 

Can some one try to clarify me these API behaviours or is my understanding of using these API is incorrect ?

Regards
R Ashok

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux