Does OpenSSL supports ECDHE-ECDSA-AES128-CCM8 for DTLS1.2 or TLS1.2?

Question

I would like to know if OpenSSL supports ECDHE-ECDSA-AES128-CCM8 and ECDHE-ECDSA-AES128-CCM for TLS 1.2 and DTLS 1.2?

In the website , I see that both the mentioned cipher suites are supported, but the compiled binary that I generated didn't have this.

Below was the commands used for compiling the OpenSSL 1.0.2d version,

perl Configure VC-WIN32 --prefix=T:\openssl-%OPENSSL_VERSION%-32bit-release-DLL-vs2012
call ms\do_ms.bat
call ms\do_nasm.bat
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak install

Is there something that I am missing while compiling or above mentioned cipher suites are not supported for OpenSSL?

Answer 1

i tested with 1.1.0-pre6 on my Mac. this will help you.

first build with

$ ./Configure no-shared  darwin64-x86_64-cc
$ make

try following steps

step.1 generate ecdsa key, cert for ssl server(plus ca key, certs)

$ cd apps
$ cat my-test.sh
#!/bin/bash

export RANDFILE=.rnd
./openssl ecparam -name secp521r1 -out my-ca-key.pem -genkey
./openssl req -new -x509 -days 365 -key my-ca-key.pem -out my-ca-cert.pem -config openssl.cnf

./openssl ecparam -name secp521r1 -out my-server-key.pem -genkey
./openssl req -new -key my-server-key.pem -out my-server-csr.pem -config openssl.cnf
./openssl x509 -req -days 365 -in my-server-csr.pem -CA my-ca-cert.pem -CAkey my-ca-key.pem -set_serial 01 -out my-server-cert.pem

$ sh my-test.sh

step.2 open two terminals, run following commands for each terminal

terminal 1:

$ ./openssl s_server -debug  -key my-server-key.pem -cert my-server-cert.pem -CAfile my-ca-cert.pem -cipher ECDHE-ECDSA-AES128-CCM8

terminal 2:

$ ./openssl s_client -debug  -cipher ECDHE-ECDSA-AES128-CCM8