if (!SSL_CTX_set_cipher_list (pComm->ssl_ctx, "ECDHE-ECDSA-AES128-CCM8"))
{
FWH_INFO ("tls_init: error selecting ECDHE-ECDSA-AES128-CCM8 cipher suite\n");
exit (0);
}
采用openssl加密传输,使用函数SSL_CTX_set_cipher_list设置加密套件为ECDHE-ECDSA-AES128-CCM8
但是抓包结果为下图所示:
如何限定唯一的加密套件ECDHE-ECDSA-AES128-CCM8。删除其他的默认套件。
查看加密套件
root@imx6ull14x14evk:/opt/app# openssl ciphers -V ECDHE-ECDSA-AES128-CCM8
0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
0xC0,0xAE - ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
参考https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ 是否支持删除前三个默认加密套件