• Registered: 2024-04-21
  • Posts: 2

Topic: TLS1.3 ciphersuite question

Hi,
We are using wolfSSL 5.7.0 to create a TLS 1.3 server.  After initialising the server I then add a single cipher suite (TLS_AES_128_GCM_SHA256) using SSL_CTX_set_ciphersuites.

When I query the server using NMAP I see that two cipher suites are reported:

| ssl-enum-ciphers:
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_AKE_WITH_AES_128_CCM_8_SHA256 (secp256r1) - A

How do I get rid of the CCM_8 cipher suite - while still retaining support for TLS_AES_128_GCN_SHA256 and TLS_AES_256_GCN_SHA384?

thanks,
Simon

Share

  • Registered: 2021-07-06
  • Posts: 139

Re: TLS1.3 ciphersuite question

Hi Simon,

To remove support for our AES CCM cipher suites, build wolfSSL with HAVE_AESCCM not defined.  If you are using configure, you can use the argument --disable-aesccm to disable this.

Thanks,
Kareem

Share

  • Registered: 2021-07-06
  • Posts: 139

Re: TLS1.3 ciphersuite question

Hi Simon,

It looks like you have a support contract on file with us, please contact us at support [AT] wolfssl [DOT] com so we can prioritize your support.

Thanks,
Kareem

Share

  • Registered: 2024-04-21
  • Posts: 2

Re: TLS1.3 ciphersuite question

Thanks Kareem,
I'll try this and let you know if I still have problems.
cheers,
Simon

Share