[openssl-users] Integrating New Cipher Suite
Dr. Stephen Henson
steve at openssl.org
Tue Apr 11 18:54:09 UTC 2017
On Tue, Apr 11, 2017, Schmicker, Robert wrote:
> Added a define in include/openssl/ssl.h:
> # define SSL_TXT_MYCIPHER "MYCIPHER"
>
> Integrated into ssl/s3_lib.c:
> static SSL_CIPHER ssl3_ciphers[] = {
>
> {
> 1,
> TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
> TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
> SSL_kECDHE,
> SSL_aECDSA,
> SSL_MYCIPHER,
> SSL_AEAD,
> TLS1_2_VERSION, TLS1_2_VERSION,
> DTLS1_2_VERSION, DTLS1_2_VERSION,
> SSL_HIGH | SSL_FIPS,
> SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
> 64,
> 64,
> },
That's a pretty small number of bits. Do you really mean it to be only 64?

Does your ciphersuite show up with cipher -s?

It's possible it is being rejected because it has insufficient security. If
the number of bits is really 64 you could try dropping the security level to
0 to allow it.

If that doesn't help enable trace support with enable-ssl-trace and then try
the -trace command to s_client/s_server and see if the new ciphersuite is
sent in ClientHello.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
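
Added example, not part of the original message and not OpenSSL's own code: a simplified C model of the security-level check the reply refers to, using the per-level bit floors documented for SSL_CTX_set_security_level(). The struct and function names are hypothetical, and it assumes the first 64 in the quoted table entry is the suite's strength_bits field.

```c
#include <stdio.h>

/* Hypothetical model: only the properties of a suite that this check reads. */
struct model_cipher {
    int is_anon;        /* 1 if the suite has no authentication (aNULL) */
    int forward_secret; /* 1 for ephemeral (EC)DH key exchange */
    int strength_bits;  /* assumed to be the first 64 in the quoted entry */
};

/* Minimum security bits for levels 1..5, per SSL_CTX_set_security_level(). */
static const int min_bits[5] = { 80, 112, 128, 192, 256 };

/* Return 1 if the suite would be admitted at `level`, else 0. */
int cipher_allowed(const struct model_cipher *c, int level)
{
    if (level <= 0)
        return 1;                 /* level 0: no cipher restrictions */
    if (level > 5)
        level = 5;
    if (c->strength_bits < min_bits[level - 1])
        return 0;                 /* below the bit floor for this level */
    if (c->is_anon)
        return 0;                 /* levels >= 1 reject anonymous suites */
    if (level >= 3 && !c->forward_secret)
        return 0;                 /* level 3 and up need forward secrecy */
    return 1;
}

/* Highest level (0..5) at which the suite is still admitted. */
int max_level(const struct model_cipher *c)
{
    int level = 5;
    while (level > 0 && !cipher_allowed(c, level))
        level--;
    return level;
}

int main(void)
{
    /* Constructed entries: ECDHE/ECDSA as posted, then the same at 256 bits. */
    struct model_cipher posted   = { 0, 1, 64 };
    struct model_cipher adjusted = { 0, 1, 256 };

    printf("strength_bits=64  -> highest level %d\n", max_level(&posted));
    printf("strength_bits=256 -> highest level %d\n", max_level(&adjusted));
    return 0;
}
```

In this model a 64-bit entry clears only level 0, because level 1 already requires 80 bits.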