Most likely that cipher suite is not supported by gRPC. If I remember correctly, gRPC C++ currently only supports TLS 1.2. We used to plumb the field for selecting TLS 1.3 under core, but never got a chance to expose it to the C++ layer. So in short: you can't use "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256" in gRPC right now...
On Friday, December 10, 2021 at 2:15:19 PM UTC-8 [email protected] wrote: > Hello, > > I'm trying to force grpc (C++) to use only TLS 1.3 ciphers via the > environment variable: > > export GRPC_SSL_CIPHER_SUITES=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 > > However, when I try to run the grpc server it errors out: > > E1210 14:02:58.379895519 2232804 ssl_transport_security.cc:828] Invalid > cipher list: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256. > E1210 14:02:58.379963852 2232804 ssl_security_connector.cc:268] Handshaker > factory creation failed with TSI_INVALID_ARGUMENT. > E1210 14:02:58.380010816 2232804 server_secure_chttp2.cc:124] > {"created":"@1639173778.379988900","description":"Unable to create secure > server with credentials of type > Ssl","file":"_deps/grpc-src/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc","file_line":104} > > Is there anything specific I need to set when generating my TLS > certificates? > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/6dda6a61-d7b8-44c2-95ff-ca083e444c0en%40googlegroups.com.
