ERL-745: Support more PSK ciphers - CCM #3848

Closed
OTP-Maintainer opened this issue Oct 8, 2018 · 5 comments
@OTP-Maintainer

Original reporter: terry-xiaoyu
Affected version: OTP-21.1
Fixed in version: OTP-22.0
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-745


Hi, 

I am using DTLS with PSK (on OTP-21.1), but I cannot find the correct cipher suites in the supported cipher list:
==============================
3> rp(ssl:cipher_suites(all)).
[{ecdhe_ecdsa,aes_256_gcm,aead,sha384},
 {ecdhe_rsa,aes_256_gcm,aead,sha384},
 {ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdhe_rsa,aes_256_cbc,sha384,sha384},
 {ecdh_ecdsa,aes_256_gcm,aead,sha384},
 {ecdh_rsa,aes_256_gcm,aead,sha384},
 {ecdh_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdh_rsa,aes_256_cbc,sha384,sha384},
 {dhe_rsa,aes_256_gcm,aead,sha384},
 {dhe_dss,aes_256_gcm,aead,sha384},
 {dhe_rsa,aes_256_cbc,sha256},
 {dhe_dss,aes_256_cbc,sha256},
 {ecdhe_ecdsa,aes_128_gcm,aead,sha256},
 {ecdhe_rsa,aes_128_gcm,aead,sha256},
 {ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdhe_rsa,aes_128_cbc,sha256,sha256},
 {ecdh_ecdsa,aes_128_gcm,aead,sha256},
 {ecdh_rsa,aes_128_gcm,aead,sha256},
 {ecdh_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdh_rsa,aes_128_cbc,sha256,sha256},
 {dhe_rsa,aes_128_gcm,aead,sha256},
 {dhe_dss,aes_128_gcm,aead,sha256},
 {dhe_rsa,aes_128_cbc,sha256},
 {dhe_dss,aes_128_cbc,sha256},
 {ecdhe_ecdsa,aes_256_cbc,sha},
 {ecdhe_rsa,aes_256_cbc,sha},
 {dhe_rsa,aes_256_cbc,sha},
 {dhe_dss,aes_256_cbc,sha},
 {ecdh_ecdsa,aes_256_cbc,sha},
 {ecdh_rsa,aes_256_cbc,sha},
 {ecdhe_ecdsa,aes_128_cbc,sha},
 {ecdhe_rsa,aes_128_cbc,sha},
 {dhe_rsa,aes_128_cbc,sha},
 {dhe_dss,aes_128_cbc,sha},
 {ecdh_ecdsa,aes_128_cbc,sha},
 {ecdh_rsa,aes_128_cbc,sha},
 {rsa_psk,aes_256_gcm,aead,sha384},
 {rsa_psk,aes_256_cbc,sha384},
 {rsa_psk,aes_128_gcm,aead,sha256},
 {rsa_psk,aes_128_cbc,sha256},
 {rsa_psk,aes_256_cbc,sha},
 {rsa_psk,aes_128_cbc,sha},
 {rsa_psk,'3des_ede_cbc',sha},
 {rsa_psk,rc4_128,sha},
 {srp_rsa,'3des_ede_cbc',sha},
 {srp_dss,'3des_ede_cbc',sha},
 {srp_rsa,aes_128_cbc,sha},
 {srp_dss,aes_128_cbc,sha},
 {srp_rsa,aes_256_cbc,sha},
 {srp_dss,aes_256_cbc,sha},
 {ecdhe_ecdsa,rc4_128,sha},
 {ecdhe_rsa,rc4_128,sha},
 {ecdh_ecdsa,rc4_128,sha},
 {ecdh_rsa,rc4_128,sha},
 {rsa,rc4_128,sha},
 {rsa,rc4_128,md5},
 {dhe_rsa,des_cbc,sha},
 {rsa,des_cbc,sha},
 {ecdhe_ecdsa,'3des_ede_cbc',sha},
 {ecdhe_rsa,'3des_ede_cbc',sha},
 {dhe_rsa,'3des_ede_cbc',sha},
 {dhe_dss,'3des_ede_cbc',sha},
 {ecdh_ecdsa,'3des_ede_cbc',sha},
 {ecdh_rsa,'3des_ede_cbc',sha},
 {rsa,aes_256_gcm,aead,sha384},
 {rsa,aes_256_cbc,sha256},
 {rsa,aes_128_gcm,aead,sha256},
 {rsa,aes_128_cbc,sha256},
 {rsa,aes_256_cbc,sha},
 {rsa,aes_128_cbc,sha},
 {rsa,'3des_ede_cbc',sha}]
==============================

What I am looking for is `TLS_PSK_WITH_AES_128_CBC_SHA256` and `TLS_PSK_WITH_AES_128_CCM_8`. I think they might be supported by OTP-21.1, but I am not sure as they are not listed in the output of `ssl:cipher_suites(all)`.

I found a [wiki](https://github.com/erlang/otp/wiki/Cipher-suite-correspondence-table) about this, but it seems to be outdated.
Could you confirm this? Can I use the following SSL config in my application?

==============================
{ciphers, [{psk, aes_128_cbc, sha256},
                 {psk, aes_128_ccm, 8}
]}
==============================

Best Regards,
//Shawn
@OTP-Maintainer

ingela said:

`ssl:cipher_suites(anonymous, 'tlsv1.2').` will show, among others:

#{cipher => aes_128_cbc,key_exchange => ecdhe_psk,
   mac => sha256,prf => default_prf},

CCM is currently not supported, but probably will be in a future release.

As for the table, it was not created by the OTP team.
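
An added example, not part of the original thread and not OTP's own code: a runtime check of which wanted PSK suites the running ssl application offers, built on the `ssl:cipher_suites(anonymous, ...)` call from the reply above plus `ssl:filter_cipher_suites/2`. The module and function names are hypothetical, and the `aes_128_ccm_8` atom is the name used for the CCM_8 cipher by OTP releases that support it, not something stated in the thread.

```erlang
%% Added example (hypothetical module name, not OTP code).
-module(psk_suite_check).
-export([check/2, demo/0]).

%% Wanted is a list of {KeyExchange, Cipher, Mac} triples, for example
%% [{psk, aes_128_cbc, sha256}, {psk, aes_128_ccm_8, aead}].
%% Returns {CiphersOpt, Missing}:
%%   CiphersOpt - {ciphers, Suites}, usable in ssl:connect/ssl:listen options
%%   Missing    - wanted triples that this OTP release does not offer
check(Version, Wanted) ->
    %% PSK suites are listed in the 'anonymous' set, as in the reply above.
    Anonymous = ssl:cipher_suites(anonymous, Version),
    Kex = lists:usort([K || {K, _, _} <- Wanted]),
    Cip = lists:usort([C || {_, C, _} <- Wanted]),
    %% Narrow by key exchange and cipher first...
    Candidates = ssl:filter_cipher_suites(
                   Anonymous,
                   [{key_exchange, fun(K) -> lists:member(K, Kex) end},
                    {cipher, fun(C) -> lists:member(C, Cip) end}]),
    %% ...then keep only the exact combinations that were asked for.
    Suites = [S || #{key_exchange := K, cipher := C, mac := M} = S
                       <- Candidates,
                   lists:member({K, C, M}, Wanted)],
    Offered = [{K, C, M} || #{key_exchange := K, cipher := C, mac := M}
                                <- Suites],
    Missing = [W || W <- Wanted, not lists:member(W, Offered)],
    {{ciphers, Suites}, Missing}.

demo() ->
    {ok, _} = application:ensure_all_started(ssl),
    %% Constructed sample input: the two suites asked about in this issue.
    Wanted = [{psk, aes_128_cbc, sha256}, {psk, aes_128_ccm_8, aead}],
    {{ciphers, Suites}, Missing} = check('tlsv1.2', Wanted),
    io:format("usable suites: ~p~nnot offered: ~p~n", [Suites, Missing]),
    %% Fail closed: refuse to start rather than fall back to a default
    %% cipher list when a required suite is missing.
    case Missing of
        [] -> {ok, Suites};
        _  -> {error, {unsupported_suites, Missing}}
    end.
```

Running `psk_suite_check:demo()` on the release you deploy shows whether the CCM suite is offered there before it is put into the `ciphers` option.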

@OTP-Maintainer

terry-xiaoyu said:

I've changed this issue to 'New Feature', requiring the 'CCM' ciphers. 

@OTP-Maintainer

terry-xiaoyu said:

Hi, is there any way to add my own CCM ciphers? Do I have to make the changes and rebuild my own OTP?

@OTP-Maintainer

ingela said:

Needed support in the crypto application was recently added. So now the ssl application needs to be updated to handle CCM cipher suites. You can always create a PR to add it.  

@OTP-Maintainer

ingela said:

It is in the backlog for OTP 22, but not promising it will make it. 
