SM2/3/4 algorithm based TLS connections

Matt Caswell matt at
Tue Jun 29 10:02:29 UTC 2021

On 29/06/2021 10:29, Kevin Lengauer wrote:
> Dear openssl-team and users
> Is it possible with OpenSSL 1.1.1k to do a TLS handshake using key 
> material and certificate based on SM2/SM3/SM4 assuming I somehow got my 
> hands on such keys/certificates?
> I think it is only possible with OpenSSL 3.0 to create them.
> After checking the web and the source code of the recent OpenSSL 1.1.1k 
> version I doubt that this is possible and also did not find any 
> corresponding cipher suites.
> Is this assumption correct or is there a way to do a TLS1.2 or TLS1.3 
> handshake with the aforementioned algorithms?

You are correct, there are no suitable ciphersuites and it is not 
possible to add an SM2 based certificate to an SSL_CTX/SSL.

> I am aware that the Chinese “GM/T 0024” protocol is not part of OpenSSL 
> (yet) based on this github issue: 
> <>



More information about the openssl-users mailing list