Hi All, I feel like some TLS 1.3 configuration APIs in OpenSSL 1.1.1 are uncomfortable in using it.
*1) Configuring Cipher Suit:* There is a new API for configuring TLS1.3 cipher suite, which is *SSL_set_ciphersuites()*. But calling only *SSL_set_ciphersuites()* does not work. Need to call old API *SSL_set_cipher_list()* first and then *SSL_set_ciphersuites()*. *2) Configuring supported groups and temp ECDHE:* Configuring temp ECDHE using *SSL_set_tmp_ECDH()* configures the corresponding curve ID as supported groups. So calling first *SSL_set1_groups()* and then calling* SSL_set_tmp_ECDH()* resets the configured groups using *SSL_set1_groups()*. I feel the configuration APIs introduced in TLS1.3 are little confusing and it should be used in certain order to achieve the required configuration. Can some one try to clarify me these API behaviours or is my understanding of using these API is incorrect ? Regards R Ashok
