SM2/3/4 algorithm based TLS connections

Kevin Lengauer kevin.lengauer at adnovum.ch
Tue Jun 29 10:06:32 UTC 2021


Dear Matt

Thank you for the quick reply and confirmation.

Regards
Kevin

> Am 29.06.2021 um 12:02 schrieb Matt Caswell <matt at openssl.org>:
> 
> 
> 
>> On 29/06/2021 10:29, Kevin Lengauer wrote:
>> Dear openssl-team and users
>> Is it possible with OpenSSL 1.1.1k to do a TLS handshake using key material and certificate based on SM2/SM3/SM4 assuming I somehow got my hands on such keys/certificates?
>> I think it is only possible with OpenSSL 3.0 to create them.
>> After checking the web and the source code of the recent OpenSSL 1.1.1k version I doubt that this is possible and also did not find any corresponding cipher suites.
>> Is this assumption correct or is there a way to do a TLS1.2 or TLS1.3 handshake with the aforementioned algorithms?
> 
> You are correct, there are no suitable ciphersuites and it is not possible to add an SM2 based certificate to an SSL_CTX/SSL.
> 
> 
>> I am aware that the Chinese “GM/T 0024” protocol is not part of OpenSSL (yet) based on this github issue: https://github.com/openssl/openssl/issues/12473 <https://github.com/openssl/openssl/issues/12473>
> 
> Correct.
> 
> Matt
> 


More information about the openssl-users mailing list