[openssl-users] TLS_PSK_WITH_AES_128_CCM_8 Cipher Suite Support?
Dr. Stephen Henson
steve at openssl.org
Wed Aug 5 17:40:23 UTC 2015
On Wed, Aug 05, 2015, Colin Foe-Parker wrote:
> Good Morning,
>
> I am trying to set up a TLS connection between an embedded processor and
> remote server using the TLS_PSK_WITH_AES_128_CCM_8 cipher suite. This
> cipher suite is supported on the device side and I can find aes-128-ccm as
> a possibility on the fresh git clone of openssl. (using ./openssl enc
> -help)
>
> I have also found the "Making AES-CCM available as a TLS-negotiated cipher
> suite" post by Paul Muschick in 2012.
> http://www.mail-archive.com/openssl-users%40openssl.org/msg67169.html
>
> This is my first foray into the openssl realm, so please for my ignorance,
> but is there is a reason why this cipher suite isn't currently supported?
> (I.e. saving society from itself :)) And if not, does anyone have any
> relevant guidance so that I can start looking into creating a patch?
>
The enc command just uses ciphers for bulk encryption and doesn't support
AEAD ciphers at all currently.
Support in a ciphersuites is a different thing and the "ciphers" utility
reports that. However CCM mode is not currently supported in OpenSSL. I have
some prototype code that does add CCM support but it has not currently been
included in OpenSSL itself (it is undergoing internal review). It does
include the TLS_PSK_WITH_AES_128_CCM_8 ciphersuite.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list