TLS Cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CCM

nasapro...@gmail.com

unread,

Dec 10, 2019, 6:22:40 PM12/10/19

to golang-nuts

Hi, does golang support TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ?

Brian Candler

unread,

Dec 11, 2019, 12:25:18 PM12/11/19

to golang-nuts

https://golang.org/pkg/crypto/tls/#pkg-constants

nasapro...@gmail.com

unread,

Dec 11, 2019, 12:40:18 PM12/11/19

to golang-nuts

Ok it doesn’t. Will we support it?
Seems like there aren’t any CCM ciphers on that list.

kddavi...@gmail.com

unread,

Dec 14, 2019, 5:44:13 AM12/14/19

to golang-nuts

Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml:

Note

    CCM_8 cipher suites are not marked as "Recommended". These
    cipher suites have a significantly truncated authentication tag
    that represents a security trade-off that may not be appropriate
    for general environments.

The go crypto libraries implement algorithms that are easy to use by a broad set of users in the general case, so while it may exist in a third party package, I would be surprised if it made its way into the standard library.

Brian Candler

unread,

Dec 16, 2019, 12:46:51 PM12/16/19

to golang-nuts

There is always github.com/spacemonkeygo/openssl

(even then, openssl deprecates non-recommended crypto, so you may need to build against an old version)

Reply all

Reply to author

Forward

TLS Cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8

nasapro...@gmail.com

Brian Candler

nasapro...@gmail.com

kddavi...@gmail.com

Brian Candler