How to debug a TLSv1.3 protocol problem?

Claus Assmann ca+ssl-users at
Fri May 22 12:09:13 UTC 2020

On Tue, May 19, 2020, Claus Assmann wrote:

Here's another (confusing) note: the (failing) S8 trace log:

> Sent Record
> Header:
>   Version = TLS 1.2 (0x303)
>   Content Type = Handshake (22)
>       extensions, length = 12
>         extension_type=supported_versions(43), length=2
>             TLS 1.3 (772)
>         extension_type=key_share(51), length=2
>             NamedGroup: secp256r1 (P-256) (23)

If I enable SSL_CTX_set_ecdh_auto() in S8 (-DLTS_EC=2)
(instead of using EC_KEY_new_by_curve_name(NID_X9_62_prime256v1))
then this changes to
	NamedGroup: ecdh_x25519 (29)
and the handshake does not fail.

That's somehow weird, because a different client uses secp256r1
too and that handshake (with S8) does not fail.
Of course it would be nice if the TLS handshake provides a
better error message for this case.
Since I cannot change all the S8 servers out there, it seems I have
to figure out what is wrong(?) in M1 for this case.

More information about the openssl-users mailing list