README_server_sm.md 24 KB

SM Cipher Notes

Install SM

cd /mnt/c/workspace/wolfsm-$USER
./install.sh ../wolfssl-$USER

Build Linux SM Examples

./autogen.sh
./configure --enable-sm3 --enable-sm4-gcm --enable-sm2         \
            --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr \
            --enable-sm4-gcm --enable-sm4-ccm
make clean && make

TLS 1.3 Server

./examples/server/server -v 4 -b -d -p 11111 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V

TLS 1.3 Client

./examples/client/client  -h 127.0.0.1 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C

TLS 1.2 Client to Local Linux Server

./examples/client/client  -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  \
                      -c ./certs/sm2/client-sm2.pem                 \
                      -k ./certs/sm2/client-sm2-priv.pem            \
                      -A ./certs/sm2/root-sm2.pem -C

TLS 1.2 Client to ESP32 Server

./examples/client/client  -h 192.168.25.186 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  \
                      -c ./certs/sm2/client-sm2.pem                 \
                      -k ./certs/sm2/client-sm2-priv.pem            \
                      -A ./certs/sm2/root-sm2.pem -C

Others...

# Success: Linux Client to ESP32 Server TLS1.2
./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client  -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C

# Success: Linux Client to ESP32 Server TLS1.3

# Reported as TLS_SM4_GCM_SM3, but parameter is TLS13-SM4-GCM-SM3
./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C

# Reported as TLS-SM4-CCM-SM3, but parameter is TLS13-SM4-CCM-SM3
./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C

./examples/client/client  -h 192.168.1.113 -v 4 -l TLS13-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C

ESP32-to-ESP32
TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3
TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3
TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3

Tried both PEM and DER format.

The latest server is PEM format, triple-checked to have the embedded server be the same as the Linux server files.

Usage Certificate Key Certificate Authority file, default ./certs/client-cert.pem
server -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
client -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
emdedded:
server wolfSSL_CTX_use_certificate_buffer
server_sm2
wolfSSL_CTX_use_PrivateKey_buffer
server_sm2_priv
wolfSSL_CTX_load_verify_buffer
client-sm2

Code

See source code:

code

Linux client talking to embedded server:

/examples/client/client  -h 192.168.1.108 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3  -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem     -A ./certs/sm2/root-sm2.pem -C
wolfSSL_connect error -188, ASN no signer error to confirm failure
wolfSSL error: wolfSSL_connect failed

Output:

ets Jul 29 2019 12:21:46

rst:0x3 (SW_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0030,len:7000
load:0x40078000,len:15452
ho 0 tail 12 room 4
load:0x40080400,len:3840
entry 0x4008064c
I (29) boot: ESP-IDF v5.0-dirty 2nd stage bootloader
I (29) boot: compile time 13:40:31
I (29) boot: chip revision: v3.0
I (32) boot_comm: chip revision: 3, min. bootloader chip revision: 0
I (39) boot.esp32: SPI Speed      : 40MHz
I (44) boot.esp32: SPI Mode       : DIO
I (48) boot.esp32: SPI Flash Size : 2MB
I (53) boot: Enabling RNG early entropy source...
I (58) boot: Partition Table:
I (62) boot: ## Label            Usage          Type ST Offset   Length
I (69) boot:  0 nvs              WiFi data        01 02 00009000 00006000
I (77) boot:  1 phy_init         RF data          01 01 0000f000 00001000
I (84) boot:  2 factory          factory app      00 00 00010000 00177000
I (92) boot: End of partition table
I (96) boot_comm: chip revision: 3, min. application chip revision: 0
I (103) esp_image: segment 0: paddr=00010020 vaddr=3f400020 size=338d8h (211160) map
I (188) esp_image: segment 1: paddr=00043900 vaddr=3ffb0000 size=03b78h ( 15224) load
I (194) esp_image: segment 2: paddr=00047480 vaddr=40080000 size=08b98h ( 35736) load
I (209) esp_image: segment 3: paddr=00050020 vaddr=400d0020 size=c591ch (809244) map
I (501) esp_image: segment 4: paddr=00115944 vaddr=40088b98 size=0c230h ( 49712) load
I (522) esp_image: segment 5: paddr=00121b7c vaddr=50000000 size=00010h (    16) load
I (533) boot: Loaded app from partition at offset 0x10000
I (533) boot: Disabling RNG early entropy source...
I (545) cpu_start: Pro cpu up.
I (545) cpu_start: Starting app cpu, entry point is 0x400812f4
I (532) cpu_start: App cpu up.
I (561) cpu_start: Pro cpu start user code
I (561) cpu_start: cpu freq: 160000000 Hz
I (561) cpu_start: Application information:
I (566) cpu_start: Project name:     wolfssl_server
I (571) cpu_start: App version:      v5.6.3-stable-1088-g560c84b2b-d
I (578) cpu_start: Compile time:     Jul 19 2023 22:20:09
I (585) cpu_start: ELF file SHA256:  3e6e571c9e87bf44...
I (591) cpu_start: ESP-IDF:          v5.0-dirty
I (596) heap_init: Initializing. RAM available for dynamic allocation:
I (603) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (609) heap_init: At 3FFBDA68 len 00022598 (137 KiB): DRAM
I (615) heap_init: At 3FFE0440 len 00003AE0 (14 KiB): D/IRAM
I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
I (636) spi_flash: detected chip: generic
I (639) spi_flash: flash io: dio
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
size in the binary image header.
I (657) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
I (725) tls_server: ESP_WIFI_MODE_STA
I (735) wifi:wifi driver task: 3ffcb738, prio:23, stack:6656, core=0
I (735) system_api: Base MAC address is not set
I (735) system_api: read default base MAC address from EFUSE
I (755) wifi:wifi firmware version: 0d470ef
I (755) wifi:wifi certification version: v7.0
I (755) wifi:config NVS flash: enabled
I (755) wifi:config nano formating: disabled
I (755) wifi:Init data frame dynamic rx buffer num: 32
I (765) wifi:Init management frame dynamic rx buffer num: 32
I (765) wifi:Init management short buffer num: 32
I (775) wifi:Init dynamic tx buffer num: 32
I (775) wifi:Init static rx buffer size: 1600
I (775) wifi:Init static rx buffer num: 10
I (785) wifi:Init dynamic rx buffer num: 32
I (785) wifi_init: rx ba win: 6
I (795) wifi_init: tcpip mbox: 32
I (795) wifi_init: udp mbox: 6
I (795) wifi_init: tcp mbox: 6
I (805) wifi_init: tcp tx win: 5744
I (805) wifi_init: tcp rx win: 5744
I (815) wifi_init: tcp mss: 1440
I (815) wifi_init: WiFi IRAM OP enabled
I (815) wifi_init: WiFi RX IRAM OP enabled
I (825) phy_init: phy_version 4670,719f9f6,Feb 18 2021,17:07:07
I (925) wifi:mode : sta (24:d7:eb:41:7b:68)
I (935) wifi:enable tsf
I (935) tls_server: wifi_init_sta finished.
I (945) wifi:new:<4,0>, old:<1,0>, ap:<255,255>, sta:<4,0>, prof:1
I (945) wifi:state: init -> auth (b0)
I (945) wifi:state: auth -> assoc (0)
I (955) wifi:state: assoc -> run (10)
W (955) wifi:<ba-add>idx:0 (ifx:0, c8:d7:19:cd:00:17), tid:0, ssn:0, winSize:64
I (985) wifi:connected with testbench, aid = 1, channel 4, BW20, bssid = c8:d7:19:cd:00:17
I (985) wifi:security: WPA2-PSK, phy: bgn, rssi: -45
I (995) wifi:pm start, type: 1

I (1065) wifi:AP's beacon interval = 102400 us, DTIM period = 1
I (3225) esp_netif_handlers: sta ip: 192.168.1.108, mask: 255.255.255.0, gw: 192.168.1.10
I (3225) tls_server: got ip:192.168.1.108
I (3235) Time Helper: sntp_setservername:
I (3235) Time Helper: pool.ntp.org
I (3245) Time Helper: time.nist.gov
I (3245) Time Helper: utcnist.colorado.edu
I (3255) Time Helper: sntp_init done.
TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12
8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS
A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD
SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD
:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3
:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305
I (3315) wolfssl: Start wolfSSL_Init()
I (3315) wolfssl: wolfSSL Entering wolfSSL_Init
I (3325) wolfssl: wolfSSL Entering wolfCrypt_Init
I (3325) wolfssl: start socket())
I (3335) wolfssl: Create and initialize WOLFSSL_CTX
I (3335) wolfssl: wolfSSL Entering wolfSSLv23_server_method_ex
I (3345) wolfssl: wolfSSL Entering wolfSSL_CTX_new_ex
I (3345) wolfssl: wolfSSL Entering wolfSSL_CertManagerNew
I (3355) wolfssl: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
I (3365) tls_server: Start SM2

I (3365) wolfssl: wolfSSL Entering wolfSSL_CTX_set_cipher_list
I (3375) tls_server: Set cipher list: ECDHE-ECDSA-SM4-CBC-SM3

TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:TLS13-SM4-GCM-SM3:TLS13-SM4-CCM-SM3:ECDHE-RSA-AES12
8-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDS
A-DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECD
SA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD
:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-SM4-CBC-SM3:ECDHE-ECDSA-SM4-GCM-SM3:ECDHE-ECDSA-SM4-CCM-SM3
:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305
I (3435) wolfssl: Loading certificate...
I (3435) wolfssl: wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
I (3445) wolfssl: wolfSSL Entering PemToDer
I (3455) wolfssl: Checking cert signature type
I (3455) wolfssl: wolfSSL Entering GetExplicitVersion
I (3465) wolfssl: wolfSSL Entering wc_GetSerialNumber
I (3465) wolfssl: Got Cert Header
I (3475) wolfssl: wolfSSL Entering GetObjectId
I (3475) wolfssl: Got Algo ID
I (3475) wolfssl: Getting Name
I (3485) wolfssl: Getting Cert Name
I (3485) wolfssl: Getting Name
I (3495) wolfssl: Getting Cert Name
I (3495) wolfssl: Got Subject Name
I (3495) wolfssl: wolfSSL Entering GetAlgoId
I (3505) wolfssl: wolfSSL Entering GetObjectId
I (3505) wolfssl: wolfSSL Entering GetObjectId
I (3515) wolfssl: Got Key
I (3515) wolfssl: ECDSA/ED25519/ED448 cert signature
I (3525) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_certificate_buffer, return 1
I (3535) tls_server: Loaded server_sm2

I (3535) wolfssl: Loading key info...
I (3535) wolfssl: wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
I (3545) wolfssl: wolfSSL Entering PemToDer
I (3555) wolfssl: wolfSSL Entering GetAlgoId
I (3555) wolfssl: wolfSSL Entering GetObjectId
I (3565) wolfssl: wolfSSL Entering GetAlgoId
I (3565) wolfssl: wolfSSL Entering GetObjectId
I (3575) wolfssl: wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1
I (3575) tls_server: Loaded PrivateKey_buffer server_sm2_priv

I (3585) wolfssl: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
I (3595) wolfssl: Processing CA PEM file
I (3595) wolfssl: wolfSSL Entering PemToDer
I (3605) wolfssl: Adding a CA
I (3605) wolfssl: wolfSSL Entering GetExplicitVersion
I (3615) wolfssl: wolfSSL Entering wc_GetSerialNumber
I (3615) wolfssl: Got Cert Header
I (3625) wolfssl: wolfSSL Entering GetObjectId
I (3625) wolfssl: Got Algo ID
I (3635) wolfssl: Getting Name
I (3635) wolfssl: Getting Cert Name
I (3635) wolfssl: Getting Name
I (3645) wolfssl: Getting Cert Name
I (3645) wolfssl: Got Subject Name
I (3655) wolfssl: wolfSSL Entering GetAlgoId
I (3655) wolfssl: wolfSSL Entering GetObjectId
I (3665) wolfssl: wolfSSL Entering GetObjectId
I (3665) wolfssl: Got Key
I (3665) wolfssl: Parsed Past Key
I (3675) wolfssl: wolfSSL Entering DecodeCertExtensions
I (3675) wolfssl: wolfSSL Entering GetObjectId
I (3685) wolfssl: wolfSSL Entering DecodeSubjKeyId
I (3685) wolfssl: wolfSSL Entering GetObjectId
I (3695) wolfssl: wolfSSL Entering DecodeAuthKeyId
I (3705) wolfssl: wolfSSL Entering GetObjectId
I (3705) wolfssl: wolfSSL Entering DecodeBasicCaConstraint
I (3715) wolfssl: wolfSSL Entering GetObjectId
I (3715) wolfssl: wolfSSL Entering DecodeAltNames
I (3725) wolfssl:       Unsupported name type, skipping
I (3725) wolfssl: wolfSSL Entering GetObjectId
I (3735) wolfssl: wolfSSL Entering DecodeExtKeyUsage
I (3735) wolfssl: wolfSSL Entering GetObjectId
I (3745) wolfssl: wolfSSL Entering GetObjectId
I (3745) wolfssl: wolfSSL Entering GetObjectId
I (3755) wolfssl:       Parsed new CA
I (3755) wolfssl:       No key size check done on CA
I (3765) wolfssl:       Freeing Parsed CA
I (3765) wolfssl:       Freeing der CA
I (3775) wolfssl:               OK Freeing der CA
I (3775) wolfssl: wolfSSL Leaving AddCA, return 0
I (3785) wolfssl:    Processed a CA
I (3785) wolfssl: Processed at least one valid CA. Other stuff OK
I (3795) wolfssl: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1
I (3795) tls_server: Success: load verify buffer

I (3805) tls_server: Finish SM2

I (3805) tls_server: accept clients...
I (3815) wolfssl: Waiting for a connection...
I (14485) wolfssl: wolfSSL Entering wolfSSL_new
I (14495) wolfssl: wolfSSL Entering ReinitSSL
I (14495) wolfssl: wolfSSL Entering SetSSL_CTX
I (14495) wolfssl: wolfSSL Entering wolfSSL_NewSession
I (14505) wolfssl: wolfSSL Leaving wolfSSL_new, return 0
I (14505) wolfssl: wolfSSL Entering wolfSSL_set_fd
I (14515) wolfssl: wolfSSL Entering wolfSSL_set_read_fd
I (14515) wolfssl: wolfSSL Leaving wolfSSL_set_read_fd, return 1
I (14525) wolfssl: wolfSSL Entering wolfSSL_set_write_fd
I (14535) wolfssl: wolfSSL Leaving wolfSSL_set_write_fd, return 1
I (14535) wolfssl: wolfSSL Entering wolfSSL_accept
I (14545) wolfssl: wolfSSL Entering ReinitSSL
I (14545) wolfssl: growing input buffer
I (14555) wolfssl: received record layer msg
I (14555) wolfssl: got HANDSHAKE
I (14565) wolfssl: wolfSSL Entering wolfSSL_get_options
I (14565) wolfssl: wolfSSL Entering DoTls13HandShakeMsg
I (14575) wolfssl: wolfSSL Entering DoTls13HandShakeMsgType
I (14575) wolfssl: processing client hello
I (14585) wolfssl: wolfSSL Entering DoTls13ClientHello
I (14595) wolfssl: wolfSSL Entering DoClientHello
I (14595) wolfssl:     downgrading to TLSv1.2
I (14605) wolfssl: Matched No Compression
I (14605) wolfssl: Adding signature algorithms extension
I (14615) wolfssl: Signature Algorithms extension received
I (14615) wolfssl: Point Formats extension received
I (14625) wolfssl: Supported Groups extension received
I (14625) wolfssl: Unknown TLS extension type
I (14635) wolfssl: Unknown TLS extension type
I (14635) wolfssl: wolfSSL Entering MatchSuite
I (14645) wolfssl: wolfSSL Entering VerifyServerSuite
I (14645) wolfssl: Requires ECC
I (14655) wolfssl: Verified suite validity
I (14655) wolfssl: wolfSSL Leaving DoClientHello, return 0
I (14665) wolfssl: wolfSSL Leaving DoTls13ClientHello, return 0
I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsgType(), return 0
I (14675) wolfssl: wolfSSL Leaving DoTls13HandShakeMsg, return 0
I (14685) wolfssl: Shrinking input buffer
I (14685) wolfssl: accept state ACCEPT_CLIENT_HELLO_DONE
I (14695) wolfssl: accept state ACCEPT_FIRST_REPLY_DONE
I (14705) wolfssl: wolfSSL Entering SendServerHello
I (14705) wolfssl: growing output buffer
I (14715) internal.c: GrowOutputBuffer ok
I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
I (14725) wolfssl: Point Formats extension to write
W (14735) wolfio: ssl->wflags = 0
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
W (14775) wolfio: sz          = 87
I (14775) wolfssl: Shrinking output buffer
I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
I (14785) wolfssl: accept state SERVER_HELLO_SENT
I (14795) wolfssl: wolfSSL Entering SendCertificate
I (14795) wolfssl: growing output buffer
I (14805) internal.c: GrowOutputBuffer ok
W (14815) wolfio: ssl->wflags = 0
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
W (15135) wolfio: sz          = 747
I (15135) wolfssl: Shrinking output buffer
I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
I (15145) wolfssl: accept state CERT_SENT
I (15155) wolfssl: wolfSSL Entering SendCertificateStatus
I (15155) wolfssl: wolfSSL Leaving SendCertificateStatus, return 0
I (15165) wolfssl: accept state CERT_STATUS_SENT
I (15165) wolfssl: wolfSSL Entering SendServerKeyExchange
I (15175) wolfssl: Using ephemeral ECDH
I (15175) wolfssl: wolfSSL Entering EccMakeKey
I (15535) wolfssl: wolfSSL Leaving EccMakeKey, return 0
I (15535) wolfssl: Trying ECC private key, RSA didn't work
I (15535) wolfssl: wolfSSL Entering GetAlgoId
I (15545) wolfssl: wolfSSL Entering GetObjectId
I (15555) wolfssl: Using ECC private key
I (15555) wolfssl: wolfSSL Entering Sm2wSm3Sign
I (15915) wolfssl: wolfSSL Leaving Sm2wSm3Sign, return 0
I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
I (15925) wolfssl: growing output buffer
I (15925) internal.c: GrowOutputBuffer ok
W (15925) wolfio: ssl->wflags = 0
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
W (15995) wolfio: sz          = 154
I (16005) wolfssl: Shrinking output buffer
I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
I (16015) wolfssl: accept state KEY_EXCHANGE_SENT
I (16025) wolfssl: accept state CERT_REQ_SENT
I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
I (16035) wolfssl: growing output buffer
I (16035) internal.c: GrowOutputBuffer ok
W (16045) wolfio: ssl->wflags = 0
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
W (16045) wolfio: sz          = 9
I (16055) wolfssl: Embed Send error
I (16055) wolfssl:      Connection reset
I (16065) int: Sent = -3
W (16065) int: WOLFSSL_CBIO_ERR_CONN_RST
E (16075) int: SOCKET_ERROR_E 2
I (16075) wolfssl: wolfSSL Leaving SendServerHelloDone, return -308
I (16085) wolfssl: wolfSSL error occurred, error = -308
I (16085) wolfssl: wolfSSL Entering wolfSSL_get_error
I (16095) wolfssl: wolfSSL Leaving wolfSSL_get_error, return -308
E (16085) tls_server: wolfSSL_accept error -308
I (16105) wolfssl: Client connected successfully
I (16105) wolfssl: wolfSSL Entering wolfSSL_read
I (16115) wolfssl: wolfSSL Entering wolfSSL_read_internal
I (16125) wolfssl: wolfSSL Entering ReceiveData
I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
E (16145) tls_server: ERROR: failed to read
I (16145) wolfssl: Client sends:
I (16145) wolfssl:
I (16155) wolfssl: wolfSSL Entering wolfSSL_write
I (16155) wolfssl: handshake not complete, trying to finish
I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
I (16175) wolfssl: wolfSSL Entering ReinitSSL
W (16185) wolfio: ssl->wflags = 0
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
W (16185) wolfio: sz          = 9
I (16195) wolfssl: Embed Send error
I (16195) wolfssl:      General error
I (16205) int: Sent = -1
E (16205) int: SOCKET_ERROR_E
I (16205) wolfssl: wolfSSL error occurred, error = -308
I (16215) wolfssl: wolfSSL Leaving wolfSSL_negotiate, return -1
I (16225) wolfssl: wolfSSL Leaving wolfSSL_write, return -1
E (16225) tls_server: ERROR: failed to write
I (16235) wolfssl: wolfSSL Entering wolfSSL_free
I (16235) wolfssl: Free'ing server ssl
I (16245) wolfssl: Shrinking output buffer
I (16245) wolfssl: wolfSSL Entering ClientSessionToSession
I (16255) wolfssl: wolfSSL Entering wolfSSL_FreeSession
I (16255) wolfssl: wolfSSL_FreeSession full free
I (16265) wolfssl: CTX ref count not 0 yet, no free
I (16265) wolfssl: wolfSSL Leaving wolfSSL_free, return 0
I (16275) wolfssl: Waiting for a connection...

Wireshark:

wireshark