tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

TLS communication fails while using the engine tpm2tss with OpenSSL 3.1.0 #271

Closed ehb2hi closed 1 year ago

ehb2hi commented 1 year ago

If I try to establish a TLS communication with a server using, for example, this command:

```
$ openssl s_client -connect example.com:8883 -servername example.com -key 0x81000001 -cert client.crt -keyform engine -engine tpm2tss
```

I get this error.

```
$4057BF5CB17F0000:error:0A00041B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:../ssl/record/rec_layer_s3.c:1584:SSL alert number 51
```

I also tested the tools mosquitto and curl and I got the same problem. Both tools also use the OpenSSL engine functionality.

Is this issue already known, or does OpenSSL 3 still support the usage of engines, and for me especially the tpm2tss engine?

The tested version is: OpenSSL 3.1.0 14 Mar 2023 (Library: OpenSSL 3.0.2 15 Mar 2022)

AndreasFuchsTPM commented 1 year ago

For OpenSSL 3 support please look at https://github.com/tpm2-software/tpm2-openssl since it implements the provider interface, whilst this (the engine) implements the 1.1.1 engine interface.