I am trying to use Bouncy Castle's DefaultTlsClient to interact with a server that only uses the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
In searching through Bouncy Castle source code I came across the abstract DefaultTlsClient and thought I might be able to use it and override the GetCipherSuitesmethod like such:
public override int[] GetCipherSuites()
{
return new int[]
{
CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
};
}
However I am not sure Bouncy Castle actually implements the suite, as the program crashes with a failed handshake(40) being emitted from the client after the Server finishes its hello - the 40 I believe should be a failed cipher suite negotiation error. So the order of TLS messages: client hello with CCM_8 cipher suite offered -> server hello with CCM_8 cipher suite offered back -> Alert Handshake failure(40) from client to server.
If I use more common ciphers when overriding GetCipherSuites() my implementation talks with other TLS servers like Google just fine, but the server I need to talk with only uses CCM_8.
Does Bouncy Castle TLSClient actually work with all the suites in the constant class CipherSuite: http://docs.glngn.com/latest/api/org.bouncycastle.bcprov-jdk15on/org/bouncycastle/crypto/tls/CipherSuite.html?
Or does it rely on the OS to provide?
Moreover just trying find a way to to TLS in dotnet with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 and x509 certificates. Libraries that I've found use only preshared keys.