Original reporter: terry-xiaoyu
Affected version: OTP-21.1
Fixed in version: OTP-22.0
Component: ssl
Migrated from: https://bugs.erlang.org/browse/ERL-745
Hi,
I am using DTLS with PSK (on OTP-21.1), but I can not find the correct cipher suites from the supported cipher list:
```erlang
3> rp(ssl:cipher_suites(all)).
[{ecdhe_ecdsa,aes_256_gcm,aead,sha384},
 {ecdhe_rsa,aes_256_gcm,aead,sha384},
 {ecdhe_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdhe_rsa,aes_256_cbc,sha384,sha384},
 {ecdh_ecdsa,aes_256_gcm,aead,sha384},
 {ecdh_rsa,aes_256_gcm,aead,sha384},
 {ecdh_ecdsa,aes_256_cbc,sha384,sha384},
 {ecdh_rsa,aes_256_cbc,sha384,sha384},
 {dhe_rsa,aes_256_gcm,aead,sha384},
 {dhe_dss,aes_256_gcm,aead,sha384},
 {dhe_rsa,aes_256_cbc,sha256},
 {dhe_dss,aes_256_cbc,sha256},
 {ecdhe_ecdsa,aes_128_gcm,aead,sha256},
 {ecdhe_rsa,aes_128_gcm,aead,sha256},
 {ecdhe_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdhe_rsa,aes_128_cbc,sha256,sha256},
 {ecdh_ecdsa,aes_128_gcm,aead,sha256},
 {ecdh_rsa,aes_128_gcm,aead,sha256},
 {ecdh_ecdsa,aes_128_cbc,sha256,sha256},
 {ecdh_rsa,aes_128_cbc,sha256,sha256},
 {dhe_rsa,aes_128_gcm,aead,sha256},
 {dhe_dss,aes_128_gcm,aead,sha256},
 {dhe_rsa,aes_128_cbc,sha256},
 {dhe_dss,aes_128_cbc,sha256},
 {ecdhe_ecdsa,aes_256_cbc,sha},
 {ecdhe_rsa,aes_256_cbc,sha},
 {dhe_rsa,aes_256_cbc,sha},
 {dhe_dss,aes_256_cbc,sha},
 {ecdh_ecdsa,aes_256_cbc,sha},
 {ecdh_rsa,aes_256_cbc,sha},
 {ecdhe_ecdsa,aes_128_cbc,sha},
 {ecdhe_rsa,aes_128_cbc,sha},
 {dhe_rsa,aes_128_cbc,sha},
 {dhe_dss,aes_128_cbc,sha},
 {ecdh_ecdsa,aes_128_cbc,sha},
 {ecdh_rsa,aes_128_cbc,sha},
 {rsa_psk,aes_256_gcm,aead,sha384},
 {rsa_psk,aes_256_cbc,sha384},
 {rsa_psk,aes_128_gcm,aead,sha256},
 {rsa_psk,aes_128_cbc,sha256},
 {rsa_psk,aes_256_cbc,sha},
 {rsa_psk,aes_128_cbc,sha},
 {rsa_psk,'3des_ede_cbc',sha},
 {rsa_psk,rc4_128,sha},
 {srp_rsa,'3des_ede_cbc',sha},
 {srp_dss,'3des_ede_cbc',sha},
 {srp_rsa,aes_128_cbc,sha},
 {srp_dss,aes_128_cbc,sha},
 {srp_rsa,aes_256_cbc,sha},
 {srp_dss,aes_256_cbc,sha},
 {ecdhe_ecdsa,rc4_128,sha},
 {ecdhe_rsa,rc4_128,sha},
 {ecdh_ecdsa,rc4_128,sha},
 {ecdh_rsa,rc4_128,sha},
 {rsa,rc4_128,sha},
 {rsa,rc4_128,md5},
 {dhe_rsa,des_cbc,sha},
 {rsa,des_cbc,sha},
 {ecdhe_ecdsa,'3des_ede_cbc',sha},
 {ecdhe_rsa,'3des_ede_cbc',sha},
 {dhe_rsa,'3des_ede_cbc',sha},
 {dhe_dss,'3des_ede_cbc',sha},
 {ecdh_ecdsa,'3des_ede_cbc',sha},
 {ecdh_rsa,'3des_ede_cbc',sha},
 {rsa,aes_256_gcm,aead,sha384},
 {rsa,aes_256_cbc,sha256},
 {rsa,aes_128_gcm,aead,sha256},
 {rsa,aes_128_cbc,sha256},
 {rsa,aes_256_cbc,sha},
 {rsa,aes_128_cbc,sha},
 {rsa,'3des_ede_cbc',sha}]
```
What I am looking for is `TLS_PSK_WITH_AES_128_CBC_SHA256` and `TLS_PSK_WITH_AES_128_CCM_8`. I think they might be supported by OTP-21.1, but I am not sure as they are not listed in the output of `ssl:cipher_suites(all)`.
I found a [wiki](https://github.com/erlang/otp/wiki/Cipher-suite-correspondence-table) about this, but it seems to be outdated.
Could you confirm this? Can I use the following SSL config in my application?
```erlang
{ciphers, [{psk, aes_128_cbc, sha256},
           {psk, aes_128_ccm, 8}
          ]}
```
Best Regards,
//Shawn
`ssl:cipher_suites(anonymous, 'tlsv1.2').` will show, among others:
```erlang
#{cipher => aes_128_cbc,key_exchange => ecdhe_psk,
  mac => sha256,prf => default_prf},
```
CCM is currently not supported, but probably will be in a future release.
As for the table it was not created by the OTP team.
Needed support in the crypto application was recently added. So now the ssl application needs to be updated to handle CCM cipher suites. You can always create a PR to add it.
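
A startup check built on the call shown in the reply above, as an added example that is not part of the original thread or OTP's own code: it asks the running release which PSK suites it offers and builds DTLS options only if the requested suite exists, so a missing suite fails closed instead of another one being negotiated. The module and function names are hypothetical, and passing `'dtlsv1.2'` as `Version` is an assumption; `ssl:filter_cipher_suites/2` and the `psk_identity` and `user_lookup_fun` options come from the ssl application's documented API.

```erlang
-module(psk_suite_check).
-export([psk_suites/1, find_suite/4, dtls_psk_opts/3]).

%% PSK key-exchange variants used by the ssl application.
-define(PSK_KEX, [psk, dhe_psk, ecdhe_psk, rsa_psk]).

%% Every PSK-family suite the local OTP release reports for Version.
%% Both `all` and `anonymous` are queried because, as the thread shows,
%% plain PSK suites are absent from ssl:cipher_suites(all).
psk_suites(Version) ->
    Suites = ssl:cipher_suites(all, Version) ++
             ssl:cipher_suites(anonymous, Version),
    IsPsk = fun(Kex) -> lists:member(Kex, ?PSK_KEX) end,
    lists:usort(ssl:filter_cipher_suites(Suites, [{key_exchange, IsPsk}])).

%% Look up one exact suite; {error, _} means this release cannot offer it.
find_suite(Version, Kex, Cipher, Mac) ->
    case [S || #{key_exchange := K, cipher := C, mac := M} = S
                   <- psk_suites(Version),
               K =:= Kex, C =:= Cipher, M =:= Mac] of
        [Suite | _] -> {ok, Suite};
        []          -> {error, {unsupported_suite, {Kex, Cipher, Mac}}}
    end.

%% Build DTLS options pinned to TLS_PSK_WITH_AES_128_CBC_SHA256 only.
%% Identity (string) and Key (binary) are caller-supplied deployment
%% values; nothing here is taken from the original report.
dtls_psk_opts(Version, Identity, Key) when is_binary(Key) ->
    case find_suite(Version, psk, aes_128_cbc, sha256) of
        {ok, Suite} ->
            {ok, [{protocol, dtls},
                  {versions, [Version]},
                  {ciphers, [Suite]},
                  {psk_identity, Identity},
                  {user_lookup_fun, {fun lookup/3, Key}}]};
        {error, _} = Err ->
            Err
    end.

%% Called by ssl during the handshake; UserState carries the shared key.
lookup(psk, _Identity, Key) -> {ok, Key};
lookup(_, _, _) -> error.
```

Calling `find_suite/4` with a CCM cipher atom on a release without CCM support returns `{error, {unsupported_suite, _}}`, which is the condition the reply describes for OTP-21.1.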