
How can I know the SHA type in an OpenSSL ChaCha cipher?


I want to check OpenSSL 1.1.0g against an application's ciphersuite list. The application I have has ciphersuites as follows: ecdhe-ecdsa-chacha20-poly1305-sha256 ecdhe-rsa-chacha20-poly1305-sha256

By checking the OpenSSL TLS 1.2 ciphers using the command: openssl ciphers -s -tls1_2 -V I got some ChaCha ciphersuites as follows:

0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD

0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD

The only difference is that the OpenSSL ciphersuite name does not contain the SHA type. There are many SHA types (256, 384, etc.). How can I know what the SHA type is in OpenSSL ciphersuites?


Solution

  • openssl ciphers shows you the codes for these ciphers, i.e. 0xCC,0xA9 and 0xCC,0xA8. According to IANA, these codes map to TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, which are both defined in RFC 7905.
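
The lookup described in the answer, as an added example that is not part of the original post: it parses the `openssl ciphers -V` lines quoted in the question, resolves each code point to its IANA name, and matches it against the application's spelling. The function names are hypothetical, and the table holds only the two RFC 7905 code points discussed here.

```python
import re

# IANA TLS Cipher Suites registry names for the two code points in the question.
# 0xCC,0xA8 is the RSA-authenticated suite, 0xCC,0xA9 the ECDSA-authenticated one.
IANA_NAMES = {
    (0xCC, 0xA8): "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    (0xCC, 0xA9): "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
}

# The two lines of `openssl ciphers -s -tls1_2 -V` output quoted in the question.
SAMPLE_OUTPUT = """\
0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
"""

LINE_RE = re.compile(
    r"^\s*0x([0-9A-Fa-f]{2}),0x([0-9A-Fa-f]{2})\s+-\s+(\S+)\s+(\S+)\s+(.*)$")

def parse_ciphers_v(text):
    """Yield (code, openssl_name, attrs) for each line of `openssl ciphers -V`."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a suite row
        code = (int(m.group(1), 16), int(m.group(2), 16))
        attrs = dict(kv.split("=", 1) for kv in m.group(5).split() if "=" in kv)
        yield code, m.group(3), attrs

def app_style(iana_name):
    """TLS_A_WITH_B_C -> a-b-c, the spelling the application in the question uses."""
    return iana_name[len("TLS_"):].replace("_WITH_", "_").replace("_", "-").lower()

def resolve(text, app_suites):
    """Map each application suite to (OpenSSL name, hash, Mac field) by code point."""
    wanted = {s.lower() for s in app_suites}
    result = {}
    for code, openssl_name, attrs in parse_ciphers_v(text):
        iana = IANA_NAMES.get(code)
        if iana and app_style(iana) in wanted:
            # With Mac=AEAD the trailing hash in the IANA name is the TLS 1.2
            # PRF hash; record integrity comes from Poly1305, not an HMAC.
            result[app_style(iana)] = (
                openssl_name, iana.rsplit("_", 1)[1], attrs.get("Mac"))
    return result

if __name__ == "__main__":
    app = ["ecdhe-ecdsa-chacha20-poly1305-sha256", "ecdhe-rsa-chacha20-poly1305-sha256"]
    for name, info in resolve(SAMPLE_OUTPUT, app).items():
        print(name, "->", info)
```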