I would like to know if OpenSSL supports ECDHE-ECDSA-AES128-CCM8 and ECDHE-ECDSA-AES128-CCM for TLS 1.2 and DTLS 1.2?
In the website , I see that both the mentioned cipher suites are supported, but the compiled binary that I generated didn't have this.
Below was the commands used for compiling the OpenSSL 1.0.2d version,
perl Configure VC-WIN32 --prefix=T:\openssl-%OPENSSL_VERSION%-32bit-release-DLL-vs2012
call ms\do_ms.bat
call ms\do_nasm.bat
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak install
Is there something that I am missing while compiling or above mentioned cipher suites are not supported for OpenSSL?
i tested with 1.1.0-pre6 on my Mac. this will help you.
first build with
$ ./Configure no-shared darwin64-x86_64-cc
$ make
try following steps
step.1 generate ecdsa key, cert for ssl server(plus ca key, certs)
$ cd apps
$ cat my-test.sh
#!/bin/bash
export RANDFILE=.rnd
./openssl ecparam -name secp521r1 -out my-ca-key.pem -genkey
./openssl req -new -x509 -days 365 -key my-ca-key.pem -out my-ca-cert.pem -config openssl.cnf
./openssl ecparam -name secp521r1 -out my-server-key.pem -genkey
./openssl req -new -key my-server-key.pem -out my-server-csr.pem -config openssl.cnf
./openssl x509 -req -days 365 -in my-server-csr.pem -CA my-ca-cert.pem -CAkey my-ca-key.pem -set_serial 01 -out my-server-cert.pem
$ sh my-test.sh
step.2 open two terminals, run following commands for each terminal
terminal 1:
$ ./openssl s_server -debug -key my-server-key.pem -cert my-server-cert.pem -CAfile my-ca-cert.pem -cipher ECDHE-ECDSA-AES128-CCM8
terminal 2:
$ ./openssl s_client -debug -cipher ECDHE-ECDSA-AES128-CCM8
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.