I'm having some trouble setting IsSecure on TLSv1.3. When I attempt so I get a EScError exception with message: 'The other side has sent a failure alert: [47]'
The code to trigger it is very simple, it is basically:
Code: Select all
Protocols := [spTls13];
Connect;
IsSecure := True;
- stunnel config file to run as server side
- Delphi 7 test project
It can be downloaded from: https://oshi.at/XDZf
In order to reproduce:
1. Start stunnel with:
Code: Select all
sudo stunnel test.conf
3. Press on button labeled 'TLSv1.2'. You'll see that a successful connection is logged on stunnel:
Code: Select all
2022.08.28 21:59:53 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42950
2022.08.28 21:59:53 LOG6[0]: Peer certificate not required
2022.08.28 21:59:53 LOG6[0]: No peer certificate received
2022.08.28 21:59:53 LOG6[0]: Session id: XXXX
2022.08.28 21:59:53 LOG6[0]: TLS accepted: new session negotiated
2022.08.28 21:59:53 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2022.08.28 21:59:53 LOG6[0]: Local mode child started (PID=1089023)
Code: Select all
2022.08.28 22:02:35 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42952
2022.08.28 22:02:35 LOG6[0]: Peer certificate not required
2022.08.28 22:02:35 LOG3[0]: SSL_accept: ../ssl/statem/extensions_srvr.c:697: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share
2022.08.28 22:02:35 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket