On Wed, Aug 05, 2015, Colin Foe-Parker wrote: > Good Morning, > > I am trying to set up a TLS connection between an embedded processor and > remote server using the TLS_PSK_WITH_AES_128_CCM_8 cipher suite. This > cipher suite is supported on the device side and I can find aes-128-ccm as > a possibility on the fresh git clone of openssl. (using ./openssl enc > -help) > > I have also found the "Making AES-CCM available as a TLS-negotiated cipher > suite" post by Paul Muschick in 2012. > http://www.mail-archive.com/openssl-users%40openssl.org/msg67169.html > > This is my first foray into the openssl realm, so please for my ignorance, > but is there is a reason why this cipher suite isn't currently supported? > (I.e. saving society from itself :)) And if not, does anyone have any > relevant guidance so that I can start looking into creating a patch? > The enc command just uses ciphers for bulk encryption and doesn't support AEAD ciphers at all currently. Support in a ciphersuites is a different thing and the "ciphers" utility reports that. However CCM mode is not currently supported in OpenSSL. I have some prototype code that does add CCM support but it has not currently been included in OpenSSL itself (it is undergoing internal review). It does include the TLS_PSK_WITH_AES_128_CCM_8 ciphersuite. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
