On 14/03/2024 20:45, Paul Sheer wrote:
> I would like to make an end-to-end secure-socket connection using openssl 3.2 (or later) on both ends (SSL_connect + SSL_accept) and force both the client and server to pick a cipher like "SM2-ECDHE/ECC-SM4-CBC/GSM-SM3". Normally I can force a cipher with SSL_CTX_set_ciphersuites(). I was reading through the git commit logs for "SM2" and this seems to have been coded. However I am having difficulty working out if this is intended to work end-to-end right now or whether the support is "preliminary".

SM2/SM3/SM4 support exists in libcrypto only. There is no support in libssl. So you can use the underlying crypto primitives, but you cannot create TLS connections using them.
PRs for adding this would be considered.

Matt
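
The libcrypto/libssl split described in the reply can be checked against a particular build with the openssl command-line tool. This is an added example, not part of the original thread or of the OpenSSL project; the key, IV and plaintext are constructed sample values, and the two suite names probed are the ones defined in RFC 8998, assumed here as the names a TLS 1.3 implementation would use.

```shell
#!/bin/sh
# Added example: probe an OpenSSL build for SM support in libcrypto
# (digest and cipher primitives) versus libssl (TLS cipher suites).

KEY=0123456789abcdeffedcba9876543210   # constructed 128-bit SM4 key (hex)
IV=000102030405060708090a0b0c0d0e0f    # constructed IV (hex)

# libcrypto: SM3 digest of stdin, printed as lowercase hex.
sm3_hex() {
    openssl dgst -sm3 -r | cut -d' ' -f1
}

# libcrypto: encrypt stdin with SM4-CBC, decrypt it again, print the result.
sm4_cbc_roundtrip() {
    openssl enc -sm4-cbc -K "$KEY" -iv "$IV" |
        openssl enc -d -sm4-cbc -K "$KEY" -iv "$IV"
}

# libssl: succeed only if the TLS 1.3 suite name in $1 is accepted.
# This is the command-line counterpart of SSL_CTX_set_ciphersuites():
# an unknown name makes "openssl ciphers" fail and print nothing.
tls13_accepts_suite() {
    openssl ciphers -ciphersuites "$1" 2>/dev/null | grep -q "$1"
}

report() {
    echo "SM3(abc): $(printf 'abc' | sm3_hex)"
    echo "SM4-CBC round trip: $(printf 'constructed sample' | sm4_cbc_roundtrip)"
    # RFC 8998 suite names (assumption: the names a supporting libssl would use).
    for suite in TLS_SM4_GCM_SM3 TLS_SM4_CCM_SM3; do
        if tls13_accepts_suite "$suite"; then
            echo "libssl: $suite accepted"
        else
            echo "libssl: $suite not available"
        fi
    done
}

report
```
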