We have a socket class that currently uses Schannel via SSPI calls (this is a legacy Windows desktop application). The problem is that our application has to support the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, and this is not available in Schannel as far as I can tell. This suite is available in OpenSSL, but it would be a very bad choice to rewrite a lot of the socket code to fit OpenSSL - the ideal scenario would be to wrap OpenSSL in an SSPI format and let the code just keep the same interfaces. I am hoping I can pursue one of these choices:
A. Adding (or installing) OpenSSL as an alternate SSP to Windows in a way that it implements the SSP interfaces (is this even possible "out of the box"?)
B. As a next best thing, writing a custom SSP that wraps OpenSSL and adding it to Windows - I have not found many good examples of how to do this, but it is apparently possible.
I am open to any other (minimally invasive) suggestions on how to bring TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 into our current socket code on Windows. Has anybody faced a similar problem? How did you solve it?