Chinese Guomi (SM2/SM3/SM4) Algorithms for end-to-end sockets

Paul Sheer paulsheer at gmail.com
Thu Mar 14 20:45:27 UTC 2024


I would like to make an end-to-end secure-socket connection using
OpenSSL 3.2 (or later) on both ends (SSL_connect + SSL_accept) and
force both the client and server to pick a cipher like
"SM2-ECDHE/ECC-SM4-CBC/GSM-SM3". Normally I can force a cipher with
SSL_CTX_set_ciphersuites().

I was reading through the git commit logs for "SM2" and this seems to
have been coded. However, I am having difficulty working out if this is
intended to work end-to-end right now or whether the support is
"preliminary".

I am aware that GmSSL has a dedicated standalone repository for Guomi,
but I would prefer to use vanilla OpenSSL even if this is a developer
version.

Many thanks

Paul

