OK, figured this one out.
I had added my ciphers in the wrong order in the cipher list in s3_lib.c - they need to be added in order of id (I will read the code comments next time :) )


Regards,

Lindani



________________________________
 From: Lindani Phiri <linda...@yahoo.com>
To: "openssl-users@openssl.org" <openssl-users@openssl.org> 
Sent: Tuesday, March 20, 2012 4:36 PM
Subject: Adding new cipher suites to Openssl
 



I would like to experiment with the PSK cipher suites defined in RFC 5487 (http://tools.ietf.org/html/rfc5487) and I am struggling to add support for these in OpenSSL. I am only interested in the variants compatible with TLS 1.1:

CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256        = {0x00,0xAE};
CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384        = {0x00,0xAF};
CipherSuite TLS_PSK_WITH_NULL_SHA256               = {0x00,0xB0};
CipherSuite TLS_PSK_WITH_NULL_SHA384               = {0x00,0xB1};

By tracing how current cipher suites are implemented, I was able to go as far as being able to display these ciphers using the "openssl ciphers -V PSK" command and using them to start up a client and server. However, I am getting a handshake failure because the server can't find a match for the new cipher suite when presented by the client. As far as I can tell, the issue is that the "ssl3_get_cipher_by_char()" function in s3_lib.c returns an empty list when presented with new ids.
Any hints on what I need to do to make this work?

Thanks,

Lindani
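
Why table order matters for the lookup described in this thread, as an added example that is not part of the original messages and is not OpenSSL's code. It assumes the lookup by id is a binary search over the table; the id table is constructed and the helper names (`find_by_id`, `first_misordered`, `ordered_copy`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table of suite ids, standing in for the cipher table.
 * 0x8A-0x8D: RFC 4279 PSK suites; 0xC013/0xC014: ECDHE-RSA AES-CBC suites;
 * 0xAE-0xB1: the four RFC 5487 suites, appended at the end (the mistake). */
static const unsigned appended[] = {
    0x008A, 0x008B, 0x008C, 0x008D, 0xC013, 0xC014,
    0x00AE, 0x00AF, 0x00B0, 0x00B1,
};
#define NUM_CIPHERS (sizeof appended / sizeof appended[0])

/* Binary search by id (assumed lookup model); returns the index or -1.
 * The result is only correct if the ids are in ascending order. */
long find_by_id(const unsigned *t, size_t n, unsigned id) {
    size_t lo = 0, hi = n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (t[mid] == id) return (long)mid;
        if (t[mid] < id) lo = mid + 1; else hi = mid;
    }
    return -1;
}

/* Index of the first entry that breaks ascending order, or -1 if none. */
long first_misordered(const unsigned *t, size_t n) {
    for (size_t i = 1; i < n; i++)
        if (t[i - 1] >= t[i]) return (long)i;
    return -1;
}

static int by_id(const void *a, const void *b) {
    unsigned x = *(const unsigned *)a, y = *(const unsigned *)b;
    return (x > y) - (x < y);
}

/* Fill dst with the same ids in ascending order (the fix). */
void ordered_copy(unsigned *dst) {
    memcpy(dst, appended, sizeof appended);
    qsort(dst, NUM_CIPHERS, sizeof dst[0], by_id);
}

int main(void) {
    unsigned fixed[NUM_CIPHERS];
    ordered_copy(fixed);
    printf("appended: 0x00AE at index %ld\n", find_by_id(appended, NUM_CIPHERS, 0x00AE));
    printf("ordered:  0x00AE at index %ld\n", find_by_id(fixed, NUM_CIPHERS, 0x00AE));
    return 0;
}
```

Walking the table entry by entry still shows all ten ids, while the search misses only the appended ones; a check like `first_misordered` run over the table at build or start-up time catches the mistake before a handshake does.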
