Regarding TLS call failure on Openssl3.0 with cipher : ECDH-ECDSA-AES256-SHA384

Matt Caswell matt at openssl.org
Fri Nov 18 11:01:32 UTC 2022



On 18/11/2022 05:53, Viktor Dukhovni wrote:
> On Fri, Nov 18, 2022 at 05:12:09AM +0000, Raman, Ina wrote:
> 
>> I was trying to test TLS call with cipher suite :
>> tls_ecdh_ecdsa_with_aes_256_cbc_sha384 but it fails.
> 
> You probably actually wanted "ecdhe" not "ecdh", but see below.

Support for the ECDH version was removed from OpenSSL 1.1.0 and above:

https://github.com/openssl/openssl/commit/ce0c1f2bb2fd296f10a2847844205df0ed95fb8e

Matt

> 
>> It fails on SSL_set_cipher_list API.
> 
> This API, and the cipher you had in mind apply only to TLS 1.2, with TLS
> 1.3 there is a separate API for setting the data encryption ciphers,
> which are configured separately from signature schemes, and key
> exchange "groups", but see below.
> 
>> The list contains the mentioned cipher but still it is failing to set
>> that.
> 
> Actually the list does not contain that cipher:
> 
> - The available TLS 1.2 ciphers are ECDHE not ECDH.
> 
>      $ openssl ciphers -stdname -s -tls1_2 | awk '{print $1}' | grep ECDH
>      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
>      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
>      TLS_ECDHE_ECDSA_WITH_AES_256_CCM
>      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
>      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>      TLS_ECDHE_ECDSA_WITH_AES_128_CCM
>      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
>      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
>      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
>      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> 
> - The standard names are "output only" when configuring ciphers you
>    need to use the OpenSSL names.
> 
>      $ openssl ciphers -stdname -s -tls1_2 -v ECDHE-ECDSA-AES256-GCM-SHA384
>      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
> 
>      $ openssl ciphers -stdname -s -tls1_2 -v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
>      Error in cipher list
>      C0F16339DF7F0000:error:0A0000B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2746:
> 
> - Cipher names are case-sensitive.
> 
>      $ openssl ciphers -stdname -s -tls1_2 -v $(echo ECDHE-ECDSA-AES256-GCM-SHA384 | tr A-Z a-z)
>      Error in cipher list
>      C0F1755DCB7F0000:error:0A0000B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl/ssl_lib.c:2746:
> 
> - TLS 1.3 uses none of the above:
> 
>      $ openssl ciphers -s -v -tls1_3
>      TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
>      TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
>      TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(128)            Mac=AEAD
>      TLS_AES_128_CCM_SHA256         TLSv1.3 Kx=any      Au=any   Enc=AESCCM(128)            Mac=AEAD
> 
>> I wanted to know if this cipher is supported with openssl 3.0 or not .
> 
> Multiple mistakes:
> 
> * Wrong API for TLS 1.3
> * Desired cipher not applicable to TLS 1.3 anyway
> * Typo "ecdh" instead of "ecdhe"
> * Cipher name was lower case
> * Cipher name was the RFC name, not the OpenSSL name.
> 
> Any one mistake it sufficient, but 5 is impressive. :-)
> 


More information about the openssl-users mailing list