Why doesn't openssl from Homebrew include aes-256-gcm cipher support?

Question

I have installed latest openssl via Homebrew on my Mac (macOS Big Sur 11.5.2). But it doesn't support aes-256-gcm cipher suddenly.

$ /usr/local/opt/openssl@1.1/bin/openssl enc -ciphers | grep aes-
-aes-128-cbc               -aes-128-cfb               -aes-128-cfb1
-aes-128-cfb8              -aes-128-ctr               -aes-128-ecb
-aes-128-ofb               -aes-192-cbc               -aes-192-cfb
-aes-192-cfb1              -aes-192-cfb8              -aes-192-ctr
-aes-192-ecb               -aes-192-ofb               -aes-256-cbc
-aes-256-cfb               -aes-256-cfb1              -aes-256-cfb8
-aes-256-ctr               -aes-256-ecb               -aes-256-ofb

$ /usr/local/opt/openssl@1.1/bin/openssl version
OpenSSL 1.1.1l  24 Aug 2021

How can I enable the cipher? And why isn't it included in the package?

Answer 1

I've found the reason of my issue. It is described in the openssl docs.

This command does not support authenticated encryption modes like CCM and GCM, and will not support such modes in the future. This is due to having to begin streaming output (e.g., to standard output when -out is not used) before the authentication tag could be validated. When this command is used in a pipeline, the receiving end will not be able to roll back upon authentication failure. The AEAD modes currently in common use also suffer from catastrophic failure of confidentiality and/or integrity upon reuse of key/iv/nonce, and since openssl enc places the entire burden of key/iv/nonce management upon the user, the risk of exposing AEAD modes is too great to allow. These key/iv/nonce management issues also affect other modes currently exposed in this command, but the failure modes are less extreme in these cases, and the functionality cannot be removed with a stable release branch.