Chinese Guomi (SM2/SM3/SM4) Algorithms for end-to-end sockets

Paul Sheer paulsheer at gmail.com
Mon Mar 18 21:30:56 UTC 2024


Thanks Matt, that has cleared up my confusion.

Kind regards

Paul



On Fri, Mar 15, 2024 at 6:31 AM Matt Caswell <matt at openssl.org> wrote:
>
> On 14/03/2024 20:45, Paul Sheer wrote:
> > I would like to make an end-to-end secure-socket connection using
> > openssl 3.2 (or later) on both ends (SSL_connect + SSL_accept) and
> > force both the client and server to pick a cipher like
> > "SM2-ECDHE/ECC-SM4-CBC/GSM-SM3". Normally I can force a cipher with
> > SSL_CTX_set_ciphersuites()
> >
> > I was reading through the git commit logs for "SM2" and this seems to
> > have been coded. However I am having difficulty working out if this is
> > intended to work end-to-end right now or whether the support is
> > "preliminary".
>
> SM2/SM3/SM4 support exists in libcrypto only. There is no support in
> libssl. So you can use the underlying crypto primitives, but you cannot
> create TLS connections using them.
>
> PRs for adding this would be considered.
>
> Matt


More information about the openssl-users mailing list