SM2/3/4 algorithm based TLS connections

Matt Caswell matt at openssl.org
Tue Jun 29 10:02:29 UTC 2021



On 29/06/2021 10:29, Kevin Lengauer wrote:
> Dear openssl-team and users
> 
> Is it possible with OpenSSL 1.1.1k to do a TLS handshake using key 
> material and certificate based on SM2/SM3/SM4 assuming I somehow got my 
> hands on such keys/certificates?
> 
> I think it is only possible with OpenSSL 3.0 to create them.
> 
> After checking the web and the source code of the recent OpenSSL 1.1.1k 
> version I doubt that this is possible and also did not find any 
> corresponding cipher suites.
> 
> Is this assumption correct or is there a way to do a TLS1.2 or TLS1.3 
> handshake with the aforementioned algorithms?

You are correct, there are no suitable ciphersuites and it is not 
possible to add an SM2 based certificate to an SSL_CTX/SSL.


> 
> I am aware that the Chinese “GM/T 0024” protocol is not part of OpenSSL 
> (yet) based on this GitHub issue: 
> https://github.com/openssl/openssl/issues/12473

Correct.

Matt


