"Invalid cipher list" when using only TLS 1.3 ciphers

Marek Pokorny

Dec 10, 2021, 5:15:19 PM
to grpc.io
Hello,

I'm trying to force grpc (C++) to use only TLS 1.3 ciphers via the environment variable:

export GRPC_SSL_CIPHER_SUITES=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256

However, when I try to run the grpc server it errors out:

E1210 14:02:58.379895519 2232804 ssl_transport_security.cc:828] Invalid cipher list: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256.
E1210 14:02:58.379963852 2232804 ssl_security_connector.cc:268] Handshaker factory creation failed with TSI_INVALID_ARGUMENT.
E1210 14:02:58.380010816 2232804 server_secure_chttp2.cc:124] {"created":"@1639173778.379988900","description":"Unable to create secure server with credentials of type Ssl","file":"_deps/grpc-src/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":104}


Is there anything specific I need to set when generating my TLS certificates?

Zhen Lian

Dec 15, 2021, 8:38:22 PM
to grpc.io
Most likely that cipher suite is not supported by gRPC. If I remember correctly, gRPC C++ currently only supports TLS 1.2. We used to plumb the field for selecting TLS 1.3 under core, but never got a chance to expose it to the C++ layer. So in short: you can't use "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256" in gRPC right now...

Eddie Mon

Jun 24, 2022, 5:17:33 PM
to grpc.io
Tested TLS 1.3 cipher suite with gRPC C++ version 1.46.3, but it is still not working. Will TLS 1.3 support be added to the C++ layer soon?

Thanks,
Eddie.
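
The rejection reported in this thread can be reproduced outside gRPC. This is an added example, not part of the thread or of gRPC's code: Python's ssl.SSLContext.set_ciphers wraps OpenSSL's SSL_CTX_set_cipher_list, which only selects TLS 1.2-and-older suites, so a string made up solely of TLS 1.3 names matches nothing. That gRPC's "Invalid cipher list" error has the same origin is an assumption; split_by_protocol and check_cipher_list are hypothetical helper names, and OpenSSL 1.1.1 or later is assumed.

```python
import ssl

def split_by_protocol(spec):
    """Split a colon-separated cipher string into (TLS<=1.2 names, TLS 1.3 names).

    Assumption: TLS 1.3 suites use the IANA-style "TLS_" prefix, while
    OpenSSL's TLS 1.2 names (e.g. ECDHE-RSA-AES256-GCM-SHA384) do not.
    """
    names = [n for n in spec.split(":") if n]
    tls13 = [n for n in names if n.startswith("TLS_")]
    legacy = [n for n in names if not n.startswith("TLS_")]
    return legacy, tls13

def check_cipher_list(spec):
    """Hypothetical pre-flight check: does a TLS 1.2-style cipher-list call accept spec?"""
    legacy, tls13 = split_by_protocol(spec)
    result = {"accepted": False, "error": None, "legacy_names": legacy,
              "tls13_names": tls13, "enabled": []}
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # set_ciphers() calls SSL_CTX_set_cipher_list(); it fails when the
        # string selects no TLS 1.2-or-older suite.
        ctx.set_ciphers(spec)
    except ssl.SSLError as exc:
        result["error"] = str(exc)
        return result
    result["accepted"] = True
    # TLS 1.3 suites show up here whether or not the string named them.
    result["enabled"] = [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]
    return result

if __name__ == "__main__":
    # First value is the one from the thread; the second is a constructed mixed list.
    for spec in ("TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256",
                 "TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES256-GCM-SHA384"):
        r = check_cipher_list(spec)
        verdict = "accepted" if r["accepted"] else f"rejected ({r['error']})"
        print(spec, "->", verdict)
        for name, proto in r["enabled"]:
            print("   ", proto, name)
```

Running the same check on the value intended for GRPC_SSL_CIPHER_SUITES before deployment shows whether the string contains at least one TLS 1.2 suite name that the local TLS library recognises.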
