
Does OpenSSL library 3.0.8 support cipher suites whose prefix starts with ECDH, such as (ECDH-ECDSA-AES128-SHA, ECDH-ECDSA-AES128-SHA256)?


Our program originally used OpenSSL library 1.0.2 and supported cipher suites whose prefix starts with ECDH, such as:

ECDH-ECDSA-AES128-SHA
ECDH-ECDSA-AES128-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-ECDSA-AES256-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES128-SHA
ECDH-RSA-AES128-SHA256
ECDH-RSA-AES128-GCM-SHA256
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA

Recently we upgraded the OpenSSL library we depend on to 3.0, and we found that with such cipher suites we can't talk with the server successfully.

From the OpenSSL 3.0 documentation, https://www.openssl.org/docs/man3.0/man1/openssl-ciphers.html, we found that the supported cipher list doesn't contain the above cipher suites. Does that mean that OpenSSL 3.0 won't support such cipher suites anymore?

I used the commands openssl ciphers -v -provider default ALL and openssl ciphers -v -provider legacy ALL, and none of the output contains such cipher suites. Does that mean the code related to these cipher suites has been removed from the OpenSSL repo? Or does the OpenSSL library have some config option or build option to support such cipher suites?

Currently I have tested the ECDHE-related cipher suites, and all of these cipher suites talk with the server successfully.

I have used an OpenSSL 1.0.2 client (which supports the above cipher suites) to talk with the OpenSSL 3.0 server, and they can't talk with the server successfully.


Solution

  • NO.

    The static-ECDH suites were partly implemented in late 0.9.x and fully in 1.0.0-2, although the ones that use GCM (or other AEAD) or SHA-2 are specific to TLS1.2 and thus only work in 1.0.1-2. In contrast, static-DH (now called static-FFDH to avoid ambiguity) suites were not implemented originally, and added in 1.0.2. However 1.1.0 and up (i.e. after SMACK and also Heartbleed) entirely replaced the accreted-over-time handshake logic with a new more rigorous one, and in the process it removed the implementations of both static-ECDH and static-FFDH. It also removed the export suites and the code for SSLv2 which is no longer even buildable, in contrast to SSLv3 which in 1.1.0 up is disabled by default (that was also the first feature-change version after POODLE) but can still be enabled if you really want.

    Plus, of course, 1.1.1 up implemented TLS1.3, and TLS1.3 doesn't have the keyexchange in the ciphersuite (at all) and doesn't allow any static-[FF|EC]DH keyexchange ever.

    Do you really have ECC cert(s) that isn't(aren't) signature-capable? Those are very very rare, like I think you may be the only one in the world to do so. If you have signature-capable ECC cert(s) just use it(them) for ECDHE-ECDSA in 1.2 (or below, but that's not recommended), and ECDSA authentication (with any supported KX) in 1.3.
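An added example, not part of the original answer: a small audit helper that flags static-ECDH names in a configured cipher list, checks whether the OpenSSL linked into the local Python enables each name, and suggests the ECDHE-ECDSA counterpart the answer recommends. The function names and the sample list are constructed for illustration, and the suggestion assumes the certificate holds a signature-capable EC key.

```python
import re
import ssl

# Constructed sample configuration using suite names from the question.
CONFIGURED = [
    "ECDH-ECDSA-AES128-SHA", "ECDH-ECDSA-AES128-GCM-SHA256",
    "ECDH-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256",
]

# Static ECDH names start with "ECDH-"; ephemeral ones start with "ECDHE-".
STATIC_ECDH = re.compile(r"^ECDH-(ECDSA|RSA)-(.+)$")


def classify(name):
    """Return (kind, suggestion) for one OpenSSL cipher suite name."""
    m = STATIC_ECDH.match(name)
    if m:
        # Assumption: the certificate holds a signature-capable EC key, so the
        # ephemeral replacement is ECDHE-ECDSA whichever CA key signed it.
        return "static-ECDH", "ECDHE-ECDSA-" + m.group(2)
    if name.startswith(("ECDHE-", "DHE-")):
        return "ephemeral", None
    return "other", None


def accepted_locally(name):
    """True if the OpenSSL linked into this Python enables the named suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:  # raised when the string selects no cipher
        return False
    # TLS 1.3 suites are always listed, so match on the exact name.
    return any(c["name"] == name for c in ctx.get_ciphers())


def audit(names):
    """Map each name to its kind, local availability and suggested suite."""
    report = {}
    for name in names:
        kind, suggestion = classify(name)
        report[name] = {"kind": kind, "local": accepted_locally(name),
                        "use": suggestion}
    return report


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for name, row in audit(CONFIGURED).items():
        print(f"{name:32} {row['kind']:12} local={row['local']!s:5} -> {row['use']}")
```
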