OpenSSL 1.1.1 it supports only 3 out of 5 ciphers TLS 1.3

Question

I have a simple site by using Apache web server and OpenSSL 1.1.1. I have configured everything as it supposed to be, the thing is while TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256 are showed that where selected for encryption the other two TLS_AES_128_CCM_8_SHA256,TLS_AES_128_CCM_SHA256 shows an error.

Proof that the first three are correctly picked

the error showed when a pick the last two ciphers

the code from httpd-ssl.conf here i only change the cipher which is picked nothing else, for the first three it worked.

Then i also went to check openssl.exe if there is any problem. And i found out that the last two ciphers aren't supported/or on the cipher list.

cipherlist via openssl

How can i add the last two cipher to the list so that i can use them? Or there is anything that i need to add so i can used them? I am using this for testing. Any help would be appriciated. Sorry for my bad english.

Answer 1

As per the OpenSSL TLSv1.3 documentation

OpenSSL has implemented support for five TLSv1.3 ciphersuites as follows:

• TLS_AES_256_GCM_SHA384
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_128_GCM_SHA256
• TLS_AES_128_CCM_8_SHA256
• TLS_AES_128_CCM_SHA256

Due to the major differences between the way that ciphersuites for TLSv1.2 and below and ciphersuites for TLSv1.3 work, they are configured in OpenSSL differently too.

By default the first three of the above ciphersuites are enabled by default. This means that if you have no explicit ciphersuite configuration then you will automatically use those three and will be able to negotiate TLSv1.3. Note that changing the TLSv1.2 and below cipher list has no impact on the TLSv1.3 ciphersuite configuration.

So if you just run openssl ciphers then you will just use the default cipher list and not see those last two.

However if you explicitly ask for them (using the new ciphersuites option for TLSv1.3), then you will see them if your version of OpenSSL supports them:

openssl ciphers -tls1_3 -v -s -ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256

TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_8_SHA256 TLSv1.3 Kx=any      Au=any  Enc=AESCCM8(128) Mac=AEAD
TLS_AES_128_CCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESCCM(128) Mac=AEAD

You also need an ECDSA certificate and not the usual RSA one, to be able to use those last two ciphers as discussed here: https://github.com/openssl/openssl/issues/8297 .

Also not aware of any browser that has implemented these CCM ciphers so not sure what you would use to connect via that at the moment even if you did sort it all out to get it working.

Answer 2

Go to file - ssl.h. Find macro - "TLS_DEFAULT_CIPHERSUITES".

Change this macro values to -

#define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:"
"TLS_CHACHA20_POLY1305_SHA256:"
"TLS_AES_128_CCM_SHA256:"
"TLS_AES_128_CCM_8_SHA256:"
"TLS_AES_128_GCM_SHA256"

All 5 ciphers will start working. You can check all ciphers with command. openssl s_client -tls1_3 -ciphersuites 'TLS_AES_128_CCM_8_SHA256' -connect