Topic: [SOLVED] Enable cipher suites
Hello,
First of all, I'm new to criptography and security, so please, go easy on me
I'm doing some research on IoT protocols. I've a working tinydtls+libcoap example, and I'm trying to change the tinydtls part to wolfssl. To do that, first I want to connect a tinydtls client with a wolfssl server and vice versa. For that, I need to enable TLS_PSK_WITH_AES_128_CCM_8 and/or TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 suites, as they are the only ones that tinydtls support for now.
In the manual, https://www.wolfssl.com/wolfSSL/Docs-wo … tures.html, it says that both of them are supported in the AES-CCM cipher suites part.
AES-CCM cipher suites
TLS_RSA_WITH_AES_128_CCM_8_SHA256
TLS_RSA_WITH_AES_256_CCM_8_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
TLS_PSK_WITH_AES_128_CCM
TLS_PSK_WITH_AES_256_CCM
TLS_PSK_WITH_AES_128_CCM_8
TLS_PSK_WITH_AES_256_CCM_8
I'm using version 3.8.1 of wolfssl and I don't se how can I enable these suites. If I configure (probably enabling more features than needed)
./configure --enable-dtls --enable-debug --enable-psk --enable-aesccm --enable-sslv3 --enable-ecc --enable-pwdbased --enable-tlsx
and after compiling I run
./examples/client/client -e
I get that the available suites are:
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
DHE-PSK-AES128-GCM-SHA256
DHE-PSK-AES128-CBC-SHA256
DHE-PSK-AES128-CCM
DHE-PSK-AES256-CCM
ECDHE-ECDSA-AES128-CCM-8
ECDHE-ECDSA-AES256-CCM-8
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-CHACHA20-POLY1305
ECDHE-ECDSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305-OLD
ECDHE-ECDSA-CHACHA20-POLY1305-OLD
DHE-RSA-CHACHA20-POLY1305-OLD
ECDHE-PSK-AES128-CBC-SHA256
PSK-CHACHA20-POLY1305
ECDHE-PSK-CHACHA20-POLY1305
DHE-PSK-CHACHA20-POLY1305
In the README file of the source, it says:
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH.
Does that mean that I can't use TLS_PSK_WITH_AES_128_CCM_8 and/or TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 with the 3.8.1 version or am I missing something?
Thank you in advance,
Markel