Dear Matt Thank you for the quick reply and confirmation. Regards Kevin > Am 29.06.2021 um 12:02 schrieb Matt Caswell <matt@xxxxxxxxxxx>: > > > >> On 29/06/2021 10:29, Kevin Lengauer wrote: >> Dear openssl-team and users >> Is it possible with OpenSSL 1.1.1k to do a TLS handshake using key material and certificate based on SM2/SM3/SM4 assuming I somehow got my hands on such keys/certificates? >> I think it is only possible with OpenSSL 3.0 to create them. >> After checking the web and the source code of the recent OpenSSL 1.1.1k version I doubt that this is possible and also did not find any corresponding cipher suites. >> Is this assumption correct or is there a way to do a TLS1.2 or TLS1.3 handshake with the aforementioned algorithms? > > You are correct, there are no suitable ciphersuites and it is not possible to add an SM2 based certificate to an SSL_CTX/SSL. > > >> I am aware that the Chinese “GM/T 0024” protocol is not part of OpenSSL (yet) based on this github issue: https://github.com/openssl/openssl/issues/12473 <https://github.com/openssl/openssl/issues/12473> > > Correct. > > Matt >
