Thanks for responding. Yes, I have done the steps mentioned above. Here are my settings:

    int min_version = TLS1_3_VERSION, max_version = TLS1_3_VERSION;

    meth = isClient ? tlsv1_3_client_method() : tlsv1_3_server_method();
    //meth = isClient ? TLS_client_method() : TLS_server_method();

    ///////////////////////////////////////////////////////////
    // Create new SSL context using the chosen SSL_METHOD
    ctx = SSL_CTX_new(meth);
    if (ctx == NULL)
    {
        // throw error
    }

    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
    {
        // throw error
    }

    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
    {
        // throw error
    }

    // Configure SSL to use the cipher suite specified
    // TLS1_3_TXT_AES_128_GCM_SHA256
    // ./include/openssl/tls1.h:# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256"
    int set_cipher;
    if (! (set_cipher = SSL_CTX_set_cipher_list(ctx, cipherSuite.c_str())) )
    {
        throw (InvalidTestConfiguration("OpenSslApi::OpenSslInitContext",
                                        "Failed to set ciphers"));
    }

The set_min_proto/set_max_proto calls succeed.

If I want to get the AES_128_GCM_SHA256 cipher for TLS 1.3 to be used, are these the steps to be used?

Should I instead also select AES128-GCM-SHA256, a TLS 1.2 cipher, in the list, and set min_proto to TLS 1.2 and max_proto to 1.3? I need to avoid hitting the default case below:

    static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
    {
        OSSL_STATEM *st = &s->statem;

        /*
         * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
         * TLSv1.3 yet at that point. They are handled by
         * ossl_statem_client_write_transition().
         */
        switch (st->hand_state) {
        default:

On Mon, Sep 18, 2017 at 5:40 AM, Benjamin Kaduk <bkaduk@akamai.com> wrote:

> On 09/18/2017 01:07 AM, Mahesh Bhoothapuri wrote:
>
>> Hi,
>>
>> I am sending a TLS 1.3 client hello, and am seeing an issue with
>> ossl_statem_client_write_transition in statem_clnt.c.
>>
>>     /*
>>      * Note that immediately before/after a ClientHello we don't know what
>>      * version we are going to negotiate yet, so we don't take this branch until
>>      * later
>>      */
>>
>>     /*
>>      * ossl_statem_client_write_transition() works out what handshake state to
>>      * move to next when the client is writing messages to be sent to the server.
>>      */
>>     WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
>>     {
>>
>>         if (SSL_IS_TLS13(s))
>>             return ossl_statem_client13_write_transition(s);
>>     }
>>
>> And in:
>>
>>     /*
>>      * ossl_statem_client_write_transition() works out what handshake state to
>>      * move to next when the client is writing messages to be sent to the server.
>>      */
>>     WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
>>     {
>>
>>         /*
>>          * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
>>          * TLSv1.3 yet at that point. They are handled by
>>          * ossl_statem_client_write_transition().
>>          */
>>
>>         switch (st->hand_state) {
>>         default:
>>             /* Shouldn't happen */
>>             return WRITE_TRAN_ERROR;
>>
>>         }
>>
>> With a TLS 1.3 client hello, using TLS 1.3 version, the st->hand_state is
>
> Sorry, I just want to clarify what you are doing -- are you taking
> SSL_CTX_new(TLS_method()) and then calling
> SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION) and
> SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)?
>
> I note that there is no version-specific TLSv1_3_method() available,
> and in any case, it's of questionable wisdom to attempt to force TLS
> 1.3 only while the specification is still in draft status -- in any
> case where the client and server implementations are not tightly
> controlled, negotiation failures seem quite likely.
>
>> TLS_ST_BEFORE and so, the default error is returned.
>>
>> When I added:
>>
>>         case TLS_ST_BEFORE:
>>             st->hand_state = TLS_ST_CW_CLNT_HELLO;
>>             return WRITE_TRAN_CONTINUE;
>>
>
> The reason there is not currently a case for TLS_ST_BEFORE is that
> whether or not we're going to be using TLS 1.3 is supposed to be
> determined on the server as part of version negotiation, so when
> we're sending a ClientHello, our version is in an indeterminate
> status -- the general-purpose TLS method must be used at that part
> of the handshake.
>
>> The client hello gets sent out, but I only saw a TLS 1.2
>> version being sent.
>> Is this a bug?
>
> The legacy_version field in a TLS 1.3 ClientHello will be 0x0303,
> matching the historical value for TLS 1.2. The actual list of
> versions is conveyed in a "supported_versions" extension, which is
> what you need to be looking at.
>
> -Ben
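Ben's two points, checked in working code. This is an added example, not part of the thread and not OpenSSL's own code. It uses Python's ssl module, which underneath does exactly what Ben describes: SSL_CTX_new(TLS_client_method()) followed by SSL_CTX_set_min_proto_version / SSL_CTX_set_max_proto_version (exposed as minimum_version / maximum_version). The client is driven through a memory BIO so no network or server is needed; the bytes it writes as its first flight are the ClientHello, which a small parser then splits into legacy_version and the supported_versions extension. Assumptions: the interpreter's OpenSSL supports TLS 1.3 (checked via tls13_available()), the SNI name "example.test" is a placeholder, and constructed_client_hello() builds a hand-made sample that was not captured from OpenSSL.

```python
"""Added example (not from this thread, and not OpenSSL's own code).

Builds a TLS client the way Ben describes (generic TLS method, then the
minimum and maximum protocol versions pinned to 1.3), captures the
ClientHello it writes, and shows that legacy_version is 0x0303 while the
versions actually offered are carried in the supported_versions extension.
Assumes the interpreter's OpenSSL supports TLS 1.3; "example.test" is a
placeholder SNI name.
"""
import ssl
import struct

HANDSHAKE_RECORD = 22          # TLS record content type "handshake"
CLIENT_HELLO = 1               # handshake message type
EXT_SUPPORTED_VERSIONS = 43    # extension number from RFC 8446
TLS1_2, TLS1_3 = 0x0303, 0x0304


def tls13_available() -> bool:
    """True when the underlying OpenSSL build can speak TLS 1.3."""
    return ssl.HAS_TLSv1_3


def capture_client_hello(min_version=ssl.TLSVersion.TLSv1_3,
                         max_version=ssl.TLSVersion.TLSv1_3) -> bytes:
    """Return the bytes a client writes as its first flight (the ClientHello)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # generic method, not a 1.3-only one
    ctx.check_hostname = False                      # there is no peer, so no verification
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = min_version               # SSL_CTX_set_min_proto_version
    ctx.maximum_version = max_version               # SSL_CTX_set_max_proto_version
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_side=False,
                        server_hostname="example.test")   # placeholder SNI name
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass   # expected: ClientHello has been written, client now waits for ServerHello
    return outgoing.read()


def parse_client_hello(data: bytes) -> dict:
    """Extract the version-related fields from a ClientHello record."""
    ctype, record_version, rec_len = struct.unpack("!BHH", data[:5])
    if ctype != HANDSHAKE_RECORD:
        raise ValueError("not a handshake record")
    body = data[5:5 + rec_len]
    if body[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]

    off = 0
    legacy_version = struct.unpack_from("!H", hello, off)[0]; off += 2
    off += 32                                  # random
    off += 1 + hello[off]                      # legacy_session_id (length-prefixed)
    cs_len = struct.unpack_from("!H", hello, off)[0]; off += 2
    cipher_suites = [struct.unpack_from("!H", hello, i)[0]
                     for i in range(off, off + cs_len, 2)]
    off += cs_len
    off += 1 + hello[off]                      # legacy_compression_methods

    supported_versions = []
    if off < len(hello):                       # extensions block is optional on the wire
        ext_total = struct.unpack_from("!H", hello, off)[0]; off += 2
        end = off + ext_total
        while off + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, off); off += 4
            ext_data = hello[off:off + ext_len]; off += ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS:
                n = ext_data[0]                # one-byte length, then 2-byte versions
                supported_versions = [struct.unpack_from("!H", ext_data, i)[0]
                                      for i in range(1, 1 + n, 2)]
    return {"record_version": record_version, "legacy_version": legacy_version,
            "cipher_suites": cipher_suites, "supported_versions": supported_versions}


def constructed_client_hello(versions=(TLS1_3,), suites=(0x1301,)) -> bytes:
    """Constructed sample (not captured from OpenSSL) in the same wire layout."""
    sv = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv)) + sv
    body = (struct.pack("!H", TLS1_2) + bytes(32) + b"\x00"        # legacy_version, random, no session id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                          # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE_RECORD, 0x0301, len(hs)) + hs


if __name__ == "__main__":
    for label, hello in (("constructed", constructed_client_hello()),
                         ("captured", capture_client_hello())):
        info = parse_client_hello(hello)
        print(label, "legacy_version=%#06x" % info["legacy_version"],
              "supported_versions=%s" % [hex(v) for v in info["supported_versions"]])
```

With the context pinned to 1.3 on both ends, the captured hello still says 0x0303 in legacy_version but lists only 0x0304 in supported_versions; widening minimum_version to TLSv1_2 makes 0x0303 appear in the extension as well, which is the "select a TLS 1.2 cipher and set min_proto to 1.2" configuration discussed above, looked at on the wire rather than in the state machine.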