search

dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License
34.79k stars 9.83k forks source link

RFC8998: ShangMi (SM) Cipher Suites for TLS 1.3 #50304

Closed MiyamuraMiyako closed 10 months ago

MiyamuraMiyako commented 10 months ago

Is there an existing issue for this?

Is your feature request related to a problem? Please describe the problem.

No response

Describe the solution you'd like

Hope to aspnetcore add new cipher suites in rfc8998 spec.

Additional context

No response

Tratcher commented 10 months ago

https://www.rfc-editor.org/rfc/rfc8998

Cipher Suites are implemented by Windows or OpenSsl, not at the AspNetCore layer.

@wfurt do you know if these specific ciphers are supported?

wfurt commented 10 months ago

I don't know. By brief look at the RFC there are other extensions that needs to be added to ClientHello. If that means more work in OpenSSL API than just the CipherSuite than it it probably not working. On the other hand, SslStream does not set anything particular unless explicitly done by the caller. So if the cipher suites are supported by the installed libraries and enabled in /etc/ssl/openssl.conf it should just work AFAIK.

There seems to be at least some support in OpenSSL https://www.openssl.org/docs/man1.1.1/man7/SM2.html

MiyamuraMiyako commented 10 months ago

@Tratcher @wfurt Thanks for the reply, the relevant rfc is still under construction, and it is indeed not fully working yet.