[openssl-users] Integrating New Cipher Suite

Dr. Stephen Henson steve at openssl.org
Sun Oct 1 22:47:42 UTC 2017

On Sun, Oct 01, 2017, Wallboy wrote:

> Hi,
> I'm also interested in adding a few "pseudo" ciphersuites to OpenSSL.
> Notably the 16 GREASE ones Chrome currently uses (0x0A0A, 0x1A1A...0xFAFA).
> I made similar changes to the files listed in this thread and compiled
> successfully (based on 1.1.0f). I see the new cipher when doing "openssl
> ciphers ALL:eNULL". 
> However I had the same issue that when trying to include it using s_client,
> the ClientHello message did not actually send it:
> openssl s_client -cipher "ECDHE-RSA-AES256-SHA:GREASE-0A0A" -connect
> www.google.com:443 -servername www.google.com
> ClientHello contained two ciphersuites. The first one listed and also the
> SCSV cipher
> I then tried this:
> openssl s_client -cipher "ECDHE-RSA-AES256-SHA:GREASE-0A0A:@SECLEVEL=0"
> -connect www.google.com:443 -servername www.google.com
> Bingo! But the ClientHello now sends 4 Ciphersuites. The first one listed,
> followed by my GREASE pseudo cipher, then TLS_RSA_WITH_RC4_128_MD5, then the
> SCSV cipher.
> I'm not sure why that RC4 cipher is sent. Although it probably has to do
> with the fact I structured that GREASE cipher after it:
>      {
>      1,
>      SSL3_TXT_GREASE1,
>      SSL3_CK_GREASE1,
>      SSL_kRSA,
>      SSL_aRSA,
>      SSL_RC4,
>      SSL_MD5,
>      0, 0,
>      128,
>      128,
>      },
> If I'm just trying to use it as a pseudo cipher for ClientHello messages,
> how should it look in the above struct? And how can I get it to send without
> specifying SECLEVEL=0?

If you want to specify the ciphersuites in the cipher string then they need to
be part of the list of ciphers. However these wouldn't be normal ciphersuites:
they'd never be selected by a server for example. Giving them separate
definitions and handling does go against the requirements of GREASE draft

Your problems are because you copied the definitions for that RC4 ciphersuite.
The fact it uses MD5 means it gets rules out at anything other than security
level 0.

If you just want to include them in a client hello you can do something
similar to the scsv code which adds its own pseudo-ciphersuite. In particular
the code in ssl_cipher_list_to_bytes().

> Bonus Question: Is it possible to remove the SCSV cipher in the ClientHello?

You can't remove it without making source changes. Again it's in the
ssl_cipher_list_to_bytes() function.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list