I am using Ubuntu 20.04 server, running Openssl 1.1.1t, and nginx=1.21.6. I've configured nginx.conf to allow a set of ssl ciphers:
nginx.conf
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-CCM:AES256-GCM-SHA384:AES128-GCM-SHA256:CHACHA20-POLY1305-SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256';
ECDHE-ECDSA-AES256-GCM-SHA384ECDHE-RSA-AES256-GCM-SHA384ECDHE-ECDSA-CHACHA20-POLY1305ECDHE-RSA-CHACHA20-POLY1305ECDHE-ECDSA-AES128-GCM-SHA256ECDHE-RSA-AES128-GCM-SHA256ECDHE-ECDSA-AES256-CCMECDHE-ECDSA-AES128-CCMAES256-GCM-SHA384AES128-GCM-SHA256CHACHA20-POLY1305-SHA256TLS_AES_128_CCM_SHA256TLS_AES_128_CCM_8_SHA256
According to the official OpenSSL documentation, the ciphers TLS_AES_128_CCM_SHA256 and TLS_AES_128_CCM_8_SHA256 are supported.
However, when I try to connect to the target machine using the openssl s_client command, I get an error:
# openssl s_client -connect 192.168.2.15:443 -cipher TLS_AES_128_CCM_SHA256 -tls1_3
Error with command: "-cipher TLS_AES_128_CCM_SHA256"
140594233390400:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:../ssl/ssl_lib.c:2564:
I tried to verify the supported ciphers using the openssl ciphers -v command, I do not see any matching ciphers:
#openssl ciphers -v | grep -i CCM
#
I am unable to track what actually I am missing here.