Unable to set IsSecure with TLSv1.3
Posted: Sun 28 Aug 2022 20:11
Hi
I'm having some trouble setting IsSecure on TLSv1.3. When I attempt to do so, I get an EScError exception with the message: 'The other side has sent a failure alert: [47]'
The code to trigger it is very simple, it is basically:
Code:
Protocols := [spTls13];
Connect;
IsSecure := True;
I'm providing a complete ZIP including:
- stunnel config file to run as server side
- Delphi 7 test project
It can be downloaded from: https://oshi.at/XDZf
In order to reproduce:
1. Start stunnel with:
Code:
sudo stunnel test.conf
2. Build Project1.dpr and run it.
3. Press the button labeled 'TLSv1.2'. You'll see that a successful connection is logged on stunnel:
Code:
2022.08.28 21:59:53 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42950
2022.08.28 21:59:53 LOG6[0]: Peer certificate not required
2022.08.28 21:59:53 LOG6[0]: No peer certificate received
2022.08.28 21:59:53 LOG6[0]: Session id: XXXX
2022.08.28 21:59:53 LOG6[0]: TLS accepted: new session negotiated
2022.08.28 21:59:53 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2022.08.28 21:59:53 LOG6[0]: Local mode child started (PID=1089023)
4. Now press the button labeled 'TLSv1.3'. The app will raise an EScError exception, and stunnel will display this:
Code:
2022.08.28 22:02:35 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42952
2022.08.28 22:02:35 LOG6[0]: Peer certificate not required
2022.08.28 22:02:35 LOG3[0]: SSL_accept: ../ssl/statem/extensions_srvr.c:697: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share
2022.08.28 22:02:35 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
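For triaging the two stunnel excerpts in the post above, the following is an added example, not part of the original post: it groups the log lines per accepted connection, records either the negotiated protocol or the OpenSSL error fields, and names the alert number from the client-side exception text. The function names and the small alert subset are choices made for this example; alert 47 is `illegal_parameter` in RFC 8446.

```python
import re

# Subset of the TLS alert registry (RFC 8446 section 6); 47 is the code in the EScError text.
TLS_ALERTS = {40: "handshake_failure", 47: "illegal_parameter", 70: "protocol_version"}

# The stunnel lines quoted in the post (session id appears there as XXXX).
SAMPLE_LOG = """\
2022.08.28 21:59:53 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42950
2022.08.28 21:59:53 LOG6[0]: Peer certificate not required
2022.08.28 21:59:53 LOG6[0]: No peer certificate received
2022.08.28 21:59:53 LOG6[0]: Session id: XXXX
2022.08.28 21:59:53 LOG6[0]: TLS accepted: new session negotiated
2022.08.28 21:59:53 LOG6[0]: TLSv1.2 ciphersuite: ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2022.08.28 21:59:53 LOG6[0]: Local mode child started (PID=1089023)
2022.08.28 22:02:35 LOG5[0]: Service [test] accepted connection from 127.0.0.1:42952
2022.08.28 22:02:35 LOG6[0]: Peer certificate not required
2022.08.28 22:02:35 LOG3[0]: SSL_accept: ../ssl/statem/extensions_srvr.c:697: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share
2022.08.28 22:02:35 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
"""

LINE = re.compile(r"^(\S+ \S+) LOG\d\[(\d+)\]: (.*)$")
ACCEPT = re.compile(r"Service \[(.+?)\] accepted connection from (\S+)")
SUITE = re.compile(r"^(TLSv[\d.]+) ciphersuite:")
SSL_ERR = re.compile(r"^SSL_accept: .+?:\d+: error:([0-9A-Fa-f]+):[^:]*:([^:]*):(.*)$")

def alert_name(client_message):
    """Name the alert number found in a client error such as '... failure alert: [47]'."""
    m = re.search(r"alert: \[(\d+)\]", client_message)
    return TLS_ALERTS.get(int(m.group(1)), "unknown") if m else None

def summarize(log_text):
    """One record per 'accepted connection' line; the [n] id is reused across connections."""
    current, records = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, conn_id, msg = m.groups()
        if (a := ACCEPT.search(msg)):
            current[conn_id] = {"time": ts, "peer": a.group(2), "protocol": None, "error": None}
            records.append(current[conn_id])
        elif conn_id in current and (s := SUITE.match(msg)):
            current[conn_id]["protocol"] = s.group(1)
        elif conn_id in current and (e := SSL_ERR.match(msg)):
            current[conn_id]["error"] = (e.group(1), e.group(2), e.group(3))
    return records

if __name__ == "__main__":
    print(alert_name("The other side has sent a failure alert: [47]"), summarize(SAMPLE_LOG), sep="\n")
```

A record with `protocol` set and no `error` is a completed handshake; a record with `error` set and no `protocol` failed before a cipher suite was negotiated.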