Hi,
I am using DTLS with PSK (on OTP-21.1), but I can not find the correct cipher suites from the supported cipher list:
==============================
3> rp(ssl:cipher_suites(all)).
[
{ecdhe_ecdsa,aes_256_gcm,aead,sha384}
,
{ecdhe_rsa,aes_256_gcm,aead,sha384}
,
{ecdhe_ecdsa,aes_256_cbc,sha384,sha384}
,
{ecdhe_rsa,aes_256_cbc,sha384,sha384}
,
{ecdh_ecdsa,aes_256_gcm,aead,sha384}
,
{ecdh_rsa,aes_256_gcm,aead,sha384}
,
{ecdh_ecdsa,aes_256_cbc,sha384,sha384}
,
{ecdh_rsa,aes_256_cbc,sha384,sha384}
,
{dhe_rsa,aes_256_gcm,aead,sha384}
,
{dhe_dss,aes_256_gcm,aead,sha384}
,
{dhe_rsa,aes_256_cbc,sha256}
,
{dhe_dss,aes_256_cbc,sha256}
,
{ecdhe_ecdsa,aes_128_gcm,aead,sha256}
,
{ecdhe_rsa,aes_128_gcm,aead,sha256}
,
{ecdhe_ecdsa,aes_128_cbc,sha256,sha256}
,
{ecdhe_rsa,aes_128_cbc,sha256,sha256}
,
{ecdh_ecdsa,aes_128_gcm,aead,sha256}
,
{ecdh_rsa,aes_128_gcm,aead,sha256}
,
{ecdh_ecdsa,aes_128_cbc,sha256,sha256}
,
{ecdh_rsa,aes_128_cbc,sha256,sha256}
,
{dhe_rsa,aes_128_gcm,aead,sha256}
,
{dhe_dss,aes_128_gcm,aead,sha256}
,
{dhe_rsa,aes_128_cbc,sha256}
,
{dhe_dss,aes_128_cbc,sha256}
,
{ecdhe_ecdsa,aes_256_cbc,sha}
,
{ecdhe_rsa,aes_256_cbc,sha}
,
{dhe_rsa,aes_256_cbc,sha}
,
{dhe_dss,aes_256_cbc,sha}
,
{ecdh_ecdsa,aes_256_cbc,sha}
,
{ecdh_rsa,aes_256_cbc,sha}
,
{ecdhe_ecdsa,aes_128_cbc,sha}
,
{ecdhe_rsa,aes_128_cbc,sha}
,
{dhe_rsa,aes_128_cbc,sha}
,
{dhe_dss,aes_128_cbc,sha}
,
{ecdh_ecdsa,aes_128_cbc,sha}
,
{ecdh_rsa,aes_128_cbc,sha}
,
{rsa_psk,aes_256_gcm,aead,sha384}
,
{rsa_psk,aes_256_cbc,sha384}
,
{rsa_psk,aes_128_gcm,aead,sha256}
,
{rsa_psk,aes_128_cbc,sha256}
,
{rsa_psk,aes_256_cbc,sha}
,
{rsa_psk,aes_128_cbc,sha}
,
{rsa_psk,'3des_ede_cbc',sha}
,
{rsa_psk,rc4_128,sha}
,
{srp_rsa,'3des_ede_cbc',sha}
,
{srp_dss,'3des_ede_cbc',sha}
,
{srp_rsa,aes_128_cbc,sha}
,
{srp_dss,aes_128_cbc,sha}
,
{srp_rsa,aes_256_cbc,sha}
,
{srp_dss,aes_256_cbc,sha}
,
{ecdhe_ecdsa,rc4_128,sha}
,
{ecdhe_rsa,rc4_128,sha}
,
{ecdh_ecdsa,rc4_128,sha}
,
{ecdh_rsa,rc4_128,sha}
,
{rsa,rc4_128,sha}
,
{rsa,rc4_128,md5}
,
{dhe_rsa,des_cbc,sha}
,
{rsa,des_cbc,sha}
,
{ecdhe_ecdsa,'3des_ede_cbc',sha}
,
{ecdhe_rsa,'3des_ede_cbc',sha}
,
{dhe_rsa,'3des_ede_cbc',sha}
,
{dhe_dss,'3des_ede_cbc',sha}
,
{ecdh_ecdsa,'3des_ede_cbc',sha}
,
{ecdh_rsa,'3des_ede_cbc',sha}
,
{rsa,aes_256_gcm,aead,sha384}
,
{rsa,aes_256_cbc,sha256}
,
{rsa,aes_128_gcm,aead,sha256}
,
{rsa,aes_128_cbc,sha256}
,
{rsa,aes_256_cbc,sha}
,
{rsa,aes_128_cbc,sha}
,
{rsa,'3des_ede_cbc',sha}
]
==============================
What I am looking for is `TLS_PSK_WITH_AES_128_CBC_SHA256` and `TLS_PSK_WITH_AES_128_CCM_8`. I think they might be supported by OTP-21.1, but I am not sure as they are not listed in the output of `ssl:cipher_suites(all)`.
I found a [wiki](https://github.com/erlang/otp/wiki/Cipher-suite-correspondence-table) about this, but it seems to be outdated.
Could you confirm this? Can I use following SSL config in my application?
==============================
{ciphers, [
{psk, aes_128_cbc, sha256}
,
{psk, aes_128_ccm, 8}
]}
==============================
Best Regards,
//Shawn