Regarding TLS call failure on Openssl3.0 with cipher : ECDH-ECDSA-AES256-SHA384
Matt Caswell
matt at openssl.org
Fri Nov 18 11:01:32 UTC 2022
On 18/11/2022 05:53, Viktor Dukhovni wrote:
> On Fri, Nov 18, 2022 at 05:12:09AM +0000, Raman, Ina wrote:
>
>> I was trying to test TLS call with cipher suite :
>> tls_ecdh_ecdsa_with_aes_256_cbc_sha384 but it fails.
>
> You probably actually wanted "ecdhe" not "ecdh", but see below.
Support for the ECDH version was removed from OpenSSL 1.1.0 and above:
https://github.com/openssl/openssl/commit/ce0c1f2bb2fd296f10a2847844205df0ed95fb8e
Matt
>
>> It fails on SSL_set_cipher_list API.
>
> This API, and the cipher you had in mind apply only to TLS 1.2, with TLS
> 1.3 there is a separate API for setting the data encryption ciphers,
> which are configured separately from signature schemes, and key
> exchange "groups", but see below.
>
>> The list contains the mentioned cipher but still it is failing to set
>> that.
>
> Actually the list does not contain that cipher:
>
> - The available TLS 1.2 ciphers are ECDHE not ECDH.
>
> $ openssl ciphers -stdname -s -tls1_2 | awk '{print $1}' | grep ECDH
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
> TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_256_CCM
> TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_128_CCM
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
> TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>
> - The standard names are "output only" when configuring ciphers you
> need to use the OpenSSL names.
>
> $ openssl ciphers -stdname -s -tls1_2 -v ECDHE-ECDSA-AES256-GCM-SHA384
> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
>
> $ openssl ciphers -stdname -s -tls1_2 -v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> Error in cipher list
> C0F16339DF7F0000:error:0A0000B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2746:
>
> - Cipher names are case-sensitive.
>
> $ openssl ciphers -stdname -s -tls1_2 -v $(echo ECDHE-ECDSA-AES256-GCM-SHA384 | tr A-Z a-z)
> Error in cipher list
> C0F1755DCB7F0000:error:0A0000B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2746:
>
> - TLS 1.3 uses none of the above:
>
> $ openssl ciphers -s -v -tls1_3
> TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
> TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
> TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
>
>> I wanted to know if this cipher is supported with openssl 3.0 or not .
>
> Multiple mistakes:
>
> * Wrong API for TLS 1.3
> * Desired cipher not applicable to TLS 1.3 anyway
> * Typo "ecdh" instead of "ecdhe"
> * Cipher name was lower case
> * Cipher name was the RFC name, not the OpenSSL name.
>
> Any one mistake it sufficient, but 5 is impressive. :-)
>
More information about the openssl-users
mailing list