You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2019/12/09 10:58:25 UTC

[GitHub] [incubator-apisix] totemofwolf commented on issue #953: request help: Any plan for supporting the SM1/SM2/SM3/SM4 cryptographic algorithm?

totemofwolf commented on issue #953: request help: Any plan for supporting the SM1/SM2/SM3/SM4 cryptographic algorithm?
URL: https://github.com/apache/incubator-apisix/issues/953#issuecomment-563181890
 
 
   As i know, Chinese cryptographic algorithm `SM2 SM3 SM4` are included in official openssl 1.1.1, 
   so you should use at least openssl 1.1.1 (when compiled with openresty):
   refer:
   https://www.openssl.org/blog/blog/2018/09/11/release111/
   
   and you should compile and patch openssl 1.1.1 refered to: 
   https://github.com/apache/incubator-apisix-docker/blob/master/alpine/Dockerfile
   
   ----
   
   refered to issues from https://github.com/jntass/TASSL-1.1.1b/issues/12
   
   `EC` is stand for `SM2`
   
   ```
   bash-4.4# bin/openssl
   OpenSSL> ciphers
   ...:ECC-SM4-SM3:ECDHE-SM4-SM3:...
   ```
   
   After that you could add these ciphers to apisix's config.yaml (not tested),
   Welcome PR.
   
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services