Chinese Guomi (SM2/SM3/SM4) Algorithms for end-to-end sockets
Matt Caswell
matt at openssl.org
Fri Mar 15 11:31:16 UTC 2024
On 14/03/2024 20:45, Paul Sheer wrote:
> I would like to make an end-to-end secure-socket connection using
> openssl 3.2 (or later) on both ends (SSL_connect + SSL_accept) and
> force both the client and server to pick a cipher like
> "SM2-ECDHE/ECC-SM4-CBC/GSM-SM3". Normally I can force a cipher with
> SSL_CTX_set_ciphersuites()
>
> I was reading through the git commit logs for "SM2" and this seems to
> have been coded. However I am having difficulty working out if this is
> intended to work end-to-end right now or whether the support is
> "preliminary".
SM2/SM3/SM4 support exists in libcrypto only. There is no support in
libssl. So you can use the underlying crypto primitives, but you cannot
create TLS connections using them.
PRs for adding this would be considered.
Matt
More information about the openssl-users
mailing list