After some debugging (exactly as mentioned above) it appears that the cipher suite does not show up in the ClientHello using the s_client/s_server. I modified the cipher for testing to use 512 bits instead of 64 so that it is ranked highest.
Error server side: SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1979 Error Client side: SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1469:SSL alert number 80 Any idea why the cipher would appear under the list of supported tls1.2 ciphers, yet it does not appear under the ClientHello even if specified with the -cipher option? Hmm... it's not clear why the cipher isn't being sent in client hello. What output do you get with -security_debug_verbose option? Also try including @SECLEVEL=0 in the cipher string. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org The -security_debug_verbose option confirmed it was not being sent in the client hello. Here is the s_server command used: openssl s_server -accept 6000 -tls1_2 -cert ./cert.pem -key ./key.pem -state -debug -msg -security_debug_verbose -cipher 'ECDHE-RSA-MYCIPHER-SHA256:@SECLEVEL=0' Output: Using default temp DH parameters Security callback: Certificate chain EE key=RSA, bits=4096, security bits=128: yes ACCEPT Security callback: Version=TLS 1.3: yes SSL_accept:before SSL initialization read from 0x55613d95d540 [0x55613d962b23] (5 bytes => 5 (0x5)) 0000 - 16 03 01 00 77 ....w <<< ??? [length 0005] 16 03 01 00 77 read from 0x55613d95d540 [0x55613d962b28] (119 bytes => 119 (0x77)) 0000 - 01 00 00 73 03 03 fa d8-cc c4 e4 fb 70 c1 49 95 ...s........p.I. 0010 - fe 21 20 76 b1 78 2a b9-db 5f b7 af b8 de 9a 2c .! v.x*.._....., 0020 - 5e de 74 d1 8f 66 00 00-04 c0 9c 00 ff 01 00 00 ^.t..f.......... 0030 - 46 00 0b 00 04 03 00 01-02 00 0a 00 0a 00 08 00 F............... 0040 - 1d 00 17 00 19 00 18 00-23 00 00 00 0d 00 20 00 ........#..... . 0050 - 1e 04 03 05 03 06 03 08-04 08 05 08 06 04 01 05 ................ 0060 - 01 06 01 02 03 02 01 02-02 04 02 05 02 06 02 00 ................ 0070 - 16 00 00 00 17 ..... 0077 - <SPACES/NULS> SSL_accept:before SSL initialization <<< TLS 1.3, Handshake [length 0077], ClientHello 01 00 00 73 03 03 fa d8 cc c4 e4 fb 70 c1 49 95 fe 21 20 76 b1 78 2a b9 db 5f b7 af b8 de 9a 2c 5e de 74 d1 8f 66 00 00 04 c0 9c 00 ff 01 00 00 46 00 0b 00 04 03 00 01 02 00 0a 00 0a 00 08 00 1d 00 17 00 19 00 18 00 23 00 00 00 0d 00 20 00 1e 04 03 05 03 06 03 08 04 08 05 08 06 04 01 05 01 06 01 02 03 02 01 02 02 04 02 05 02 06 02 00 16 00 00 00 17 00 00 Security callback: Version=TLS 1.2: yes Security callback: : yes Security callback: Shared Signature Algorithm digest=SHA256, algorithm=ECDSA, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algorithm=ECDSA, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algorithm=ECDSA, security bits=256: yes Security callback: Shared Signature Algorithm digest=SHA256, algid=4, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algid=5, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algid=6, security bits=256: yes Security callback: Shared Signature Algorithm digest=SHA256, algorithm=RSA, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algorithm=RSA, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algorithm=RSA, security bits=256: yes Security callback: Shared Signature Algorithm digest=SHA1, algorithm=ECDSA, security bits=80: yes Security callback: Shared Signature Algorithm digest=SHA1, algorithm=RSA, security bits=80: yes Security callback: Shared Signature Algorithm digest=SHA1, algorithm=DSA, security bits=80: yes Security callback: Shared Signature Algorithm digest=SHA256, algorithm=DSA, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algorithm=DSA, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algorithm=DSA, security bits=256: yes Security callback: Shared Signature Algorithm digest=SHA256, algorithm=ECDSA, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algorithm=ECDSA, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algorithm=ECDSA, security bits=256: yes Security callback: Shared Signature Algorithm digest=SHA256, algid=4, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algid=5, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algid=6, security bits=256: yes Security callback: Shared Signature Algorithm digest=SHA256, algorithm=RSA, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algorithm=RSA, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algorithm=RSA, security bits=256: yes Security callback: Shared Signature Algorithm digest=SHA1, algorithm=ECDSA, security bits=80: yes Security callback: Shared Signature Algorithm digest=SHA1, algorithm=RSA, security bits=80: yes Security callback: Shared Signature Algorithm digest=SHA1, algorithm=DSA, security bits=80: yes Security callback: Shared Signature Algorithm digest=SHA256, algorithm=DSA, security bits=128: yes Security callback: Shared Signature Algorithm digest=SHA384, algorithm=DSA, security bits=192: yes Security callback: Shared Signature Algorithm digest=SHA512, algorithm=DSA, security bits=256: yes >>> ??? [length 0005] 15 03 03 00 02 write to 0x55613d95d540 [0x55613d96be30] (7 bytes => 7 (0x7)) 0000 - 15 03 03 00 02 02 50 ......P >>> TLS 1.2, Alert [length 0002], fatal internal_error 02 50 SSL3 alert write:fatal:internal error SSL_accept:error in error ERROR 140404400543168:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:1979: shutting down SSL CONNECTION CLOSED ACCEPT And the s_client: openssl s_client -connect localhost:6000 -tls1_2 -state -debug -msg -security_debug_verbose -cipher 'ECDHE-RSA-MYCIPHER-SHA256:@SECLEVEL=0' Output: CONNECTED(00000003) Security callback: Version=TLS 1.3: yes SSL_connect:before SSL initialization Security callback: Version=TLS 1.2: yes Security callback: Signature Algorithm mask=SHA256, algorithm=ECDSA, security bits=128: yes Security callback: Signature Algorithm mask=SHA256, algid=4, security bits=128: yes Security callback: Signature Algorithm mask=SHA1, algorithm=DSA, security bits=80: yes Security callback: Version=TLS 1.2: yes Security callback: Supported Ciphersuite=ECDHE-RSA-NIGHTGALE-SHA256, security bits=512: yes Security callback: Version=TLS 1.2: yes Security callback: Supported Curve=X25519, security bits=128: yes Security callback: Supported Curve=P-256, security bits=128: yes Security callback: Supported Curve=P-521, security bits=256: yes Security callback: Supported Curve=P-384, security bits=192: yes Security callback: : yes Security callback: Supported Signature Algorithm digest=SHA256, algorithm=ECDSA, security bits=128: yes Security callback: Supported Signature Algorithm digest=SHA384, algorithm=ECDSA, security bits=192: yes Security callback: Supported Signature Algorithm digest=SHA512, algorithm=ECDSA, security bits=256: yes Security callback: Supported Signature Algorithm digest=SHA256, algid=4, security bits=128: yes Security callback: Supported Signature Algorithm digest=SHA384, algid=5, security bits=192: yes Security callback: Supported Signature Algorithm digest=SHA512, algid=6, security bits=256: yes Security callback: Supported Signature Algorithm digest=SHA256, algorithm=RSA, security bits=128: yes Security callback: Supported Signature Algorithm digest=SHA384, algorithm=RSA, security bits=192: yes Security callback: Supported Signature Algorithm digest=SHA512, algorithm=RSA, security bits=256: yes Security callback: Supported Signature Algorithm digest=SHA1, algorithm=ECDSA, security bits=80: yes Security callback: Supported Signature Algorithm digest=SHA1, algorithm=RSA, security bits=80: yes Security callback: Supported Signature Algorithm digest=SHA1, algorithm=DSA, security bits=80: yes Security callback: Supported Signature Algorithm digest=SHA256, algorithm=DSA, security bits=128: yes Security callback: Supported Signature Algorithm digest=SHA384, algorithm=DSA, security bits=192: yes Security callback: Supported Signature Algorithm digest=SHA512, algorithm=DSA, security bits=256: yes >>> ??? [length 0005] 16 03 01 00 77 >>> TLS 1.2, Handshake [length 0077], ClientHello 01 00 00 73 03 03 fa d8 cc c4 e4 fb 70 c1 49 95 fe 21 20 76 b1 78 2a b9 db 5f b7 af b8 de 9a 2c 5e de 74 d1 8f 66 00 00 04 c0 9c 00 ff 01 00 00 46 00 0b 00 04 03 00 01 02 00 0a 00 0a 00 08 00 1d 00 17 00 19 00 18 00 23 00 00 00 0d 00 20 00 1e 04 03 05 03 06 03 08 04 08 05 08 06 04 01 05 01 06 01 02 03 02 01 02 02 04 02 05 02 06 02 00 16 00 00 00 17 00 00 write to 0x55a837046950 [0x55a8370578f0] (124 bytes => 124 (0x7C)) 0000 - 16 03 01 00 77 01 00 00-73 03 03 fa d8 cc c4 e4 ....w...s....... 0010 - fb 70 c1 49 95 fe 21 20-76 b1 78 2a b9 db 5f b7 .p.I..! v.x*.._. 0020 - af b8 de 9a 2c 5e de 74-d1 8f 66 00 00 04 c0 9c ....,^.t..f..... 0030 - 00 ff 01 00 00 46 00 0b-00 04 03 00 01 02 00 0a .....F.......... 0040 - 00 0a 00 08 00 1d 00 17-00 19 00 18 00 23 00 00 .............#.. 0050 - 00 0d 00 20 00 1e 04 03-05 03 06 03 08 04 08 05 ... ............ 0060 - 08 06 04 01 05 01 06 01-02 03 02 01 02 02 04 02 ................ 0070 - 05 02 06 02 00 16 00 00-00 17 .......... 007c - <SPACES/NULS> SSL_connect:SSLv3/TLS write client hello read from 0x55a837046950 [0x55a83704e653] (5 bytes => 5 (0x5)) 0000 - 15 03 03 00 02 ..... <<< ??? [length 0005] 15 03 03 00 02 read from 0x55a837046950 [0x55a83704e658] (2 bytes => 2 (0x2)) 0000 - 02 50 .P <<< TLS 1.2, Alert [length 0002], fatal internal_error 02 50 SSL3 alert read:fatal:internal error SSL_connect:error in SSLv3/TLS write client hello 139951664014784:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:ssl/record/rec_layer_s3.c:1469:SSL alert number 80 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 124 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1492615665 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- However, when viewing the supported ciphers, the cipher I'm attempting to integrate shows up as the first option in priority. openssl ciphers -s -v ECDHE-RSA-MYCIPHER-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=MYCIPHER Mac=AEAD It seems as though when the priority list of ciphers available is being created (I think its the ssl_create_cipher_list on line 1283 ssl/ssl_ciph.c) the newly created cipher is not being built up in the list... maybe? Because when I execute s_server/s_client without specifying a cipher it shows the following list server side: Shared ciphers:AES128-CCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA So I think if I can find where and how the above list is being created (I assume this list is generated both client and server side), then I think I'm close to being able to use this new cipher in SSL. Thank you again for your expertise on this. Rob
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users