Thanks Matt, that has cleared up my confusion. Kind regards Paul On Fri, Mar 15, 2024 at 6:31 AM Matt Caswell <matt@xxxxxxxxxxx> wrote: > > On 14/03/2024 20:45, Paul Sheer wrote: > > I would like to make an end-to-end secure-socket connection using > > openssl 3.2 (or later) on both ends (SSL_connect + SSL_accept) and > > force both the client and server to pick a cipher like > > "SM2-ECDHE/ECC-SM4-CBC/GSM-SM3". Normally I can force a cipher with > > SSL_CTX_set_ciphersuites() > > > > I was reading through the git commit logs for "SM2" and this seems to > > have been coded. However I am having difficulty working out if this is > > intended to work end-to-end right now or whether the support is > > "preliminary". > > SM2/SM3/SM4 support exists in libcrypto only. There is no support in > libssl. So you can use the underlying crypto primitives, but you cannot > create TLS connections using them. > > PRs for adding this would be considered. > > Matt
