[openssl-users] Integrating New Cipher Suite
Matt Caswell
matt at openssl.org
Mon Apr 10 10:03:05 UTC 2017
On 08/04/17 18:56, Schmicker, Robert wrote:
> Hello,
>
> I'm attempting to integrate a customized cipher suite for TLS 1.2,
> however no matter what I try I always seem to end up with this error
> (client side):
>
> SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl/statem/statem_clnt.c:3567
>
> Can anyone give some further explanation on this?

There is no way of dynamically adding new TLS1.2 ciphersuites into
OpenSSL. The only way to do this is to modify the source code. If that's
what you've done then you're going to need to provide a lot more
information about the changes you have made before anyone can help!

Matt

>
> Here's some snippets from the client and server setup.
>
> client:
>
> SSL_CTX* InitCTX(void)
> {
>     const SSL_METHOD *method;
>     SSL_CTX *ctx;
>
>     OpenSSL_add_all_algorithms(); /* Load cryptos, et.al. */
>     SSL_load_error_strings(); /* Bring in and register error messages */
>     method = SSLv23_client_method(); /* Create new client-method instance */
>     ctx = SSL_CTX_new(method); /* Create new context */
>
>     /* Check the context before it is used below */
>     if ( ctx == NULL )
>     {
>         ERR_print_errors_fp(stderr);
>         abort();
>     }
>
>     /* Set cipher to use */
>     if (SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-MYCIPHER-SHA256") <= 0) {
>         printf("Error setting the cipher list.\n");
>         exit(0);
>     }
>
>     return ctx;
> }
>
> server:
>
> SSL_CTX* InitServerCTX(void)
> {
>     const SSL_METHOD *method;
>     SSL_CTX *ctx;
>
>     OpenSSL_add_all_algorithms(); /* load & register all cryptos, etc. */
>     SSL_load_error_strings(); /* load all error messages */
>     method = SSLv23_server_method(); /* create new server-method instance */
>     ctx = SSL_CTX_new(method); /* create new context from method */
>
>     /* Check the context before it is used below */
>     if ( ctx == NULL )
>     {
>         ERR_print_errors_fp(stderr);
>         abort();
>     }
>
>     /* Set cipher to use */
>     if (SSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-MYCIPHER-SHA256") <= 0) {
>         printf("Error setting the cipher list.\n");
>         exit(0);
>     }
>
>     return ctx;
> }
>
> Thank you,
> Rob
>
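
Added example, not part of the original thread: a small check of which names in a cipher string the linked OpenSSL build actually knows, using Python's ssl module, whose set_ciphers() calls the same SSL_CTX_set_cipher_list() used in the snippets above. The function names tls12_matches and unknown_elements are hypothetical helpers introduced here, and the sample cipher string is constructed.

```python
import ssl


def tls12_matches(cipher_string):
    """Return the TLS 1.2-and-below suites that cipher_string selects in the
    OpenSSL build Python is linked against, or [] if it selects none."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        # Wraps SSL_CTX_set_cipher_list(); fails when nothing matches.
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    # TLS 1.3 suites are configured separately and stay in the list no
    # matter what the string says, so they are filtered out here.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def unknown_elements(cipher_string):
    """Report plain suite names or aliases in a colon-separated cipher string
    that match nothing in this build.

    Operator elements (!x, -x, +x, @STRENGTH, ...) are skipped because they
    only modify the list and select nothing on their own.
    """
    unknown = []
    for element in cipher_string.split(":"):
        if not element or element[0] in "!-+@":
            continue
        if not tls12_matches(element):
            unknown.append(element)
    return unknown


if __name__ == "__main__":
    # Constructed sample: one stock suite plus the custom name from the thread.
    sample = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-MYCIPHER-SHA256:!aNULL"
    print("linked against:", ssl.OPENSSL_VERSION)
    print("selected:", tls12_matches(sample))
    print("unknown to this build:", unknown_elements(sample))
```

Against a stock library the custom name is reported as unknown, because the suite table is compiled in. A name that does resolve here can still be dropped at handshake time, which this check does not cover.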