Regarding TLS call failure on Openssl3.0 with cipher : ECDH-ECDSA-AES256-SHA384
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Nov 18 05:53:39 UTC 2022
On Fri, Nov 18, 2022 at 05:12:09AM +0000, Raman, Ina wrote:
> I was trying to test TLS call with cipher suite :
> tls_ecdh_ecdsa_with_aes_256_cbc_sha384 but it fails.
You probably actually wanted "ecdhe" not "ecdh", but see below.
> It fails on SSL_set_cipher_list API.
This API, and the cipher you had in mind, apply only to TLS 1.2; with TLS
1.3 there is a separate API for setting the data encryption ciphers,
which are configured separately from signature schemes and key
exchange "groups", but see below.
> The list contains the mentioned cipher but still it is failing to set
> that.
Actually the list does not contain that cipher:
- The available TLS 1.2 ciphers are ECDHE not ECDH.
$ openssl ciphers -stdname -s -tls1_2 | awk '{print $1}' | grep ECDH
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CCM
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- The standard names are "output only"; when configuring ciphers you
need to use the OpenSSL names.
$ openssl ciphers -stdname -s -tls1_2 -v ECDHE-ECDSA-AES256-GCM-SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
$ openssl ciphers -stdname -s -tls1_2 -v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Error in cipher list
C0F16339DF7F0000:error:0A0000B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2746:
- Cipher names are case-sensitive.
$ openssl ciphers -stdname -s -tls1_2 -v $(echo ECDHE-ECDSA-AES256-GCM-SHA384 | tr A-Z a-z)
Error in cipher list
C0F1755DCB7F0000:error:0A0000B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2746:
- TLS 1.3 uses none of the above:
$ openssl ciphers -s -v -tls1_3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
> I wanted to know if this cipher is supported with openssl 3.0 or not .
Multiple mistakes:
* Wrong API for TLS 1.3
* Desired cipher not applicable to TLS 1.3 anyway
* Typo "ecdh" instead of "ecdhe"
* Cipher name was lower case
* Cipher name was the RFC name, not the OpenSSL name.
Any one mistake is sufficient, but 5 is impressive. :-)
--
Viktor.
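The following is an added example, not part of Viktor's reply or of OpenSSL's own code. It reproduces the five failure modes from the reply programmatically, using Python's standard ssl module, whose SSLContext.set_ciphers() is a thin wrapper over SSL_CTX_set_cipher_list and raises ssl.SSLError exactly where OpenSSL reports "no cipher match". The candidate spellings below are constructed for the example. Python exposes no wrapper for the TLS 1.3 API (SSL_CTX_set_ciphersuites), so the TLS 1.3 suites it reports are OpenSSL's defaults, which is itself the point: a TLS 1.2 cipher list never adds or removes a TLS 1.3 suite.

```python
import ssl

# Spellings of the cipher the original poster asked about, plus the names the
# reply says to use instead. Constructed for this example.
CANDIDATES = [
    "tls_ecdh_ecdsa_with_aes_256_cbc_sha384",   # RFC name, lower case, static ECDH
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",  # RFC name: output-only in OpenSSL
    "ECDH-ECDSA-AES256-SHA384",                 # OpenSSL-style name, but static ECDH
    "ecdhe-ecdsa-aes256-sha384",                # right OpenSSL name, wrong case
    "ECDHE-ECDSA-AES256-SHA384",                # OpenSSL name of the suite wanted
    "ECDHE-ECDSA-AES256-GCM-SHA384",            # the AEAD sibling shown in the reply
]


def set_cipher_list(spec):
    """Feed `spec` to SSL_CTX_set_cipher_list via ssl.SSLContext.set_ciphers().

    Returns (accepted, tls12_names, tls13_names). A rejected spec is what the
    poster saw: OpenSSL answers "no cipher match" and Python raises SSLError.
    Static ECDH suites were removed in OpenSSL 1.1.0, so the ECDH-* spellings
    are rejected on any OpenSSL 1.1.x or 3.x build.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        return False, [], []
    # get_ciphers() lists what the context would offer, TLS 1.3 suites included;
    # those come from the separate ciphersuites setting and are unaffected here.
    enabled = ctx.get_ciphers()
    tls12 = [c["name"] for c in enabled if c["protocol"] == "TLSv1.2"]
    tls13 = [c["name"] for c in enabled if c["protocol"] == "TLSv1.3"]
    return True, tls12, tls13


def diagnose(spec):
    """Name the mistakes in `spec` the way the reply does, before asking OpenSSL."""
    problems = []
    if spec != spec.upper():
        problems.append("lower case")
    if spec.upper().startswith("TLS_"):
        problems.append("RFC name, not OpenSSL name")
    if "ECDH_" in spec.upper() or "ECDH-" in spec.upper():
        problems.append("static ECDH, not ECDHE")
    return problems


if __name__ == "__main__":
    for spec in CANDIDATES:
        accepted, tls12, tls13 = set_cipher_list(spec)
        status = "accepted" if accepted else "no cipher match"
        print(f"{spec:42} {status:16} TLS1.2={tls12} problems={diagnose(spec)}")
        if accepted:
            print(f"{'':42} TLS1.3 suites still offered: {tls13}")
```

Run it stand-alone to see one line per candidate; only the two properly spelled ECDHE names are accepted, and for those the TLS 1.3 suites (TLS_AES_256_GCM_SHA384 and friends) are still listed, untouched by the TLS 1.2 cipher list.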