Hello all, While investigating if and how OpenSSL in several versions could be made to support authenticated encryption in CMS [1], I noticed that, e.g., AES in CCM and GCM modes disappeared completely in newer versions from the command line tools. That is, while, e.g., > openssl version OpenSSL 1.0.2g 1 Mar 2016 > openssl enc -ciphers 2>&1 | grep -E -i -- '-(ccm|gcm)' -aes-128-ccm -aes-128-cfb -aes-128-cfb1 -aes-128-gcm -aes-128-ofb -aes-128-xts -aes-192-cbc -aes-192-ccm -aes-192-cfb -aes-192-ecb -aes-192-gcm -aes-192-ofb -aes-256-ccm -aes-256-cfb -aes-256-cfb1 -aes-256-gcm -aes-256-ofb -aes-256-xts -gost89-cnt -id-aes128-CCM -id-aes128-GCM -id-aes128-wrap -id-aes192-CCM -id-aes192-GCM -id-aes192-wrap -id-aes256-CCM -id-aes256-GCM provides the modes, > openssl version OpenSSL 1.1.0h 27 Mar 2018 > openssl enc -ciphers | grep -E -i -- '-(ccm|gcm)' does not. The respective algorithms, such as EVP_aes_256_gcm() , appear to be available in both versions' libraries, though. Would someone perhaps involved in the release process be able to explain the reasoning behind dropping the authenticated encryption modes from the command line tools? Are there plans to extend OpenSSL's current support for CMS [2] to newer CMS versions? Or is there even a connection between the two, preventing the latter? Thanks, Christian [1] https://tools.ietf.org/html/rfc5083 [2] https://tools.ietf.org/html/rfc3369 -- *Christian Böhme* Developer System Integration CLOUD&HEAT *CLOUD & HEAT Technologies GmbH* Königsbrücker Str. 96 (Halle 15) | 01099 Dresden Tel: +49 351 479 3670 - 100 Fax: +49 351 479 3670 - 110 E-Mail: christian.boehme@xxxxxxxxxxxxxxxx <mailto:christian.boehme@xxxxxxxxxxxxxxxx> Web: https://www.cloudandheat.com <https://www.cloudandheat.com> Handelsregister: Amtsgericht Dresden Registernummer: HRB 30549 USt.-Ident.-Nr.: DE281093504 Geschäftsführer: Nicolas Röhrs
Attachment:
signature.asc
Description: OpenPGP digital signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
