[openssl-users] DTLS cipher suite support

Matt Caswell matt at openssl.org
Thu Sep 3 08:31:22 UTC 2015

On 03/09/15 07:22, Bryce Kahle wrote:
> I would like to use openssl as a basic DTLS server from the command line
> using: openssl s_server -dtls1_2
> The catch is I want to require the TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
> cipher suite. It appears OpenSSL currently doesn’t support this cipher
> suite, even though it supports the both ECDHE_ECDSA and AES_128_CCM_8

Released versions support ECDHE_ECDSA based ciphersuites, and libcrypto
supports CCM. Released versions of libssl do not support any CCM based
TLS ciphersuites.

> individually as separate operations.
> Is there some small change I can make to enable support of this cipher
> suite? Perhaps this is already supported in an un-released version?

Support for this ciphersuite has recently been added to the master
branch (unreleased version 1.1.0). The changes required are non-trivial
so I would recommend against a backport. See:







More information about the openssl-users mailing list