On 03/09/15 07:22, Bryce Kahle wrote: > I would like to use openssl as a basic DTLS server from the command line > using: openssl s_server -dtls1_2 > > The catch is I want to require the TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 > cipher suite. It appears OpenSSL currently doesn?t support this cipher > suite, even though it supports the both ECDHE_ECDSA and AES_128_CCM_8 Released versions support ECDHE_ECDSA based ciphersuites, and libcrypto supports CCM. Released versions of libssl do not support any CCM based TLS ciphersuites. > individually as separate operations. > > Is there some small change I can make to enable support of this cipher > suite? Perhaps this is already supported in an un-released version? Support for this ciphersuite has recently been added to the master branch (unreleased version 1.1.0). The changes required are non-trivial so I would recommend against a backport. See: https://github.com/openssl/openssl/commit/e75c5a794e71baa3d76214be3ac8dc6e082e4a1a https://github.com/openssl/openssl/commit/3d3701ea20ca36215e3af5ac090797cfec5fca2a https://github.com/openssl/openssl/commit/176f85a28ec73b16f68a4f1737fb4645b9e9ae7b https://github.com/openssl/openssl/commit/f8f5f8369d1d76fd8ec28d3d2422a47f8440f452 https://github.com/openssl/openssl/commit/04dc8b36ef40d7ba8f33ff3d6c7c87a921e0715e Matt
