Dear Matt Thank you for the quick reply and confirmation.
Regards Kevin > Am 29.06.2021 um 12:02 schrieb Matt Caswell <m...@openssl.org>: > > > >> On 29/06/2021 10:29, Kevin Lengauer wrote: >> Dear openssl-team and users >> Is it possible with OpenSSL 1.1.1k to do a TLS handshake using key material >> and certificate based on SM2/SM3/SM4 assuming I somehow got my hands on such >> keys/certificates? >> I think it is only possible with OpenSSL 3.0 to create them. >> After checking the web and the source code of the recent OpenSSL 1.1.1k >> version I doubt that this is possible and also did not find any >> corresponding cipher suites. >> Is this assumption correct or is there a way to do a TLS1.2 or TLS1.3 >> handshake with the aforementioned algorithms? > > You are correct, there are no suitable ciphersuites and it is not possible to > add an SM2 based certificate to an SSL_CTX/SSL. > > >> I am aware that the Chinese “GM/T 0024” protocol is not part of OpenSSL >> (yet) based on this github issue: >> https://github.com/openssl/openssl/issues/12473 >> <https://github.com/openssl/openssl/issues/12473> > > Correct. > > Matt >
