On any x86_64 Linux. Current development branch a021d63bf7f5b33fc2e4b567a8db99de049318f2.
git clone --depth 1 https://github.com/Mbed-TLS/mbedtls
cd mbedtls
make -j$(nproc) CFLAGS=-DMBEDTLS_SSL_PROTO_TLS1_3=1
echo "========== curl www.google.com =========="
curl -vvvk --tlsv1.3 https://www.google.com > /dev/null
echo "========== mbedtls www.google.com =========="
programs/ssl/ssl_client2 server_name=www.google.com server_port=443 ca_path=/etc/ssl/certs/ force_version=tls13
The curl runs well, but mbedtls's programs/ssl/ssl_client2 seems unable to make a request with TLS 1.3 to www.google.com. It runs normally if force_version=tls12.
========== mbedtls www.google.com ==========
build version: Mbed TLS 3.5.1 (build 50659584)
. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Loading the client cert. and key... ok (key type: RSA)
. Setting up the SSL/TLS structure... ok
. Connecting to tcp/www.google.com/443... ok
. Performing the SSL/TLS handshake... failed
! mbedtls_ssl_handshake returned -0x7200
Last error was: -0x7200 - SSL - An invalid SSL record was received
And here is my testing on GitHub Actions.
So, how do I use MbedTLS's TLS 1.3 client? Is this a bug or not? I see many bugs about TLS 1.3 in MbedTLS's issues list.
Defining MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE=1 is required.