rustls-ccm
March 9, 2026 · View on GitHub
AES-CCM cipher suites for rustls.
Neither aws-lc-rs nor ring expose AES-CCM, so rustls's built-in providers cannot offer these suites. This crate fills the gap using the RustCrypto aes + ccm crates, plugged in via rustls's CryptoProvider extension point.
Why
CCM cipher suites are required or recommended by several IoT and energy protocols:
- IEEE 2030.5 (Smart Energy) — mandates
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - Matter / Thread — uses TLS 1.3
TLS_AES_128_CCM_SHA256 - RFC 7925 (constrained-device TLS) — profiles CCM and CCM-8 suites
- CoAP over DTLS — commonly uses CCM-8 for bandwidth efficiency
Without this crate, using rustls for these protocols requires falling back to OpenSSL or BoringSSL (which removed CCM entirely).
Cipher suites
TLS 1.2 (RFC 7251)
| Suite | Tag | Key |
|---|---|---|
TLS_ECDHE_ECDSA_WITH_AES_128_CCM | 16 B | 128-bit |
TLS_ECDHE_ECDSA_WITH_AES_256_CCM | 16 B | 256-bit |
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 | 8 B | 128-bit |
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 | 8 B | 256-bit |
TLS 1.3 (RFC 8446)
| Suite | Tag | Key |
|---|---|---|
TLS_AES_128_CCM_SHA256 | 16 B | 128-bit |
TLS_AES_128_CCM_8_SHA256 | 8 B | 128-bit |
Usage
[dependencies]
rustls-ccm = "0.1"
rustls = "0.23"
Quick start — all CCM suites
let provider = rustls_ccm::crypto_provider();
let config = rustls::ClientConfig::builder_with_provider(provider.into())
.with_safe_default_protocol_versions()
.unwrap();
Pick specific suites
use rustls::crypto::CryptoProvider;
let mut provider = rustls::crypto::aws_lc_rs::default_provider();
provider.cipher_suites.insert(0, *rustls_ccm::TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8);
let config = rustls::ClientConfig::builder_with_provider(provider.into())
.with_safe_default_protocol_versions()
.unwrap();
Limitations
ConnectionTrafficSecretsextraction is not supported —extract_keysreturnsUnsupportedOperationErrorfor all CCM suites. SSLKEYLOGFILE-style secret export will not work when a CCM suite is negotiated.
How it works
The crate borrows key exchange (ECDHE), signature (ECDSA), hash (SHA-256), PRF, and HKDF implementations from the aws-lc-rs provider. Only the AEAD algorithm is replaced with a CCM implementation built on RustCrypto's aes and ccm crates.
License
MIT OR Apache-2.0