Hi Gilles,
Thank you for the reply. It seems like the problem was that my MBEDTLS_CCM_C setting simply got overwritten and it didn't actually get set correctly. Once I fixed this, the ciphers appeared in Client Hello as expected.
Thank you!
Ron
On 2021-09-29 12:33, Gilles Peskine via mbed-tls wrote:
Hi Ron,
Enabling MBEDTLS_CCM_C should be enough to enable CCM ciphersuites. There are options to disable some ciphersuites even when all the crypto primitives are available, but I think the only one that treats GCM and CCM differently is MBEDTLS_SSL_CIPHERSUITES. Please check that you aren't setting MBEDTLS_SSL_CIPHERSUITES.
Please run `programs/ssl/ssl_client2 help` and check which ciphersuites it lists. If it lists CCM, the problem is the library configuration. If it doesn't, the problem is in the code.
If you enable debugging at level 3 (MBEDTLS_DEBUG_C and mbedtls_debug_set_threshold(3)), the client will print a message "client hello, add ciphersuite: …" for each ciphersuite that it sends. This should match the list set with `mbedtls_ssl_conf_ciphersuites`.
If you remove the call to `mbedtls_ssl_conf_ciphersuites`, what ciphersuites does the client advertise? It should default to advertising everything it can do.
Hope this helps,
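
Added example, not part of the email thread and not Mbed TLS project code: a small Python check that reads a captured level-3 debug log, collects the ids from the "client hello, add ciphersuite:" messages, and compares them with the list passed to `mbedtls_ssl_conf_ciphersuites`. The log line prefix, the optional `0x` on the id, and the sample log are assumptions constructed for illustration; the CCM id range is the IANA assignment from RFC 6655 and RFC 7251.

```python
import re

# Matches the level-3 debug message quoted in the thread. Assumption: the id is
# printed as hex, with or without a 0x prefix depending on the library version.
ADD_SUITE = re.compile(
    r"client hello, add ciphersuite:\s*(?:0x)?([0-9a-fA-F]{1,4})\b"
)

# IANA ids of the AES-CCM and AES-CCM-8 suites (RFC 6655, RFC 7251).
CCM_IDS = range(0xC09C, 0xC0B0)


def advertised_suites(log_text):
    """Return the ciphersuite ids in the order the client added them."""
    return [int(m.group(1), 16) for m in ADD_SUITE.finditer(log_text)]


def check_client_hello(log_text, configured):
    """Compare advertised ids with the list given to mbedtls_ssl_conf_ciphersuites."""
    sent = advertised_suites(log_text)
    return {
        "sent": sent,
        "ccm_sent": [s for s in sent if s in CCM_IDS],
        # Configured but never advertised: usually a primitive that is not
        # compiled in, for example MBEDTLS_CCM_C ending up undefined.
        "missing": [c for c in configured if c not in sent],
        "unexpected": [s for s in sent if s not in configured],
    }


# Constructed sample log; the "file:line: |level|" prefix depends on the
# application's debug callback and is only illustrative.
SAMPLE_LOG = """\
ssl_cli.c:0000: |3| client hello, add ciphersuite: c02b
ssl_cli.c:0000: |3| client hello, add ciphersuite: 0xc02f (TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256)
"""

# Constructed configured list: two GCM suites plus ECDHE-ECDSA-AES-128-CCM (0xC0AC).
SAMPLE_CONFIGURED = [0xC02B, 0xC02F, 0xC0AC]

if __name__ == "__main__":
    report = check_client_hello(SAMPLE_LOG, SAMPLE_CONFIGURED)
    for key, ids in report.items():
        print(key, [f"0x{i:04X}" for i in ids])
```

A non-empty `missing` list with an empty `ccm_sent` list is the symptom described in this thread: the CCM suites were requested but the build did not actually have them enabled.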