Hi Ronny, I hope this note finds your day going well.

The focus of the Intel supplied implementation of SGX/OpenSSL is on supplying cryptographic primitives rather then an implementation of SSL/TLS that can be terminated inside of an enclave.  The unresolved references you receive are secondary to the fact that these functions are simply not implemented.

There is an implementation of OpenSSL that allows SSL connections to be originated and terminated inside of an enclave.  The project can be found at the following URL:

https://github.com/sparkly9399/SGX-OpenSSL

Unfortunately that code is based on the 1.0.x release of OpenSSL, while the Intel implementation is based on the 1.1.x release.  Avoiding insanity involves choosing one implementation to base your SGX code on since there are API changes between the 1.0 and 1.1 releases of OpenSSL.  The version 1.1 API is obviously the path forward.

The challenge with doing SSL inside of an enclave is the need to provide OCALL implementations of the network socket system calls that are needed to implement the basic network communications which transports the SSL/TSL protocol.  In addition support needs to be provided for other basics such as accessing key and certificate files.

It would be helpful for the SGX community if someone were to roll up their sleeves and port the necessary code from the GITHUB hosted project above to the Intel supplied OpenSSL implementation.  Being able to implement TLS based communications from inside of an enclave seems to be fairly high on people's want list.

We actually have a need for that functionality ourselves so we may take a look at doing the work since we are firmly committed to the OpenSSL version 1.1 API and the Intel SGX/OpenSSL implementation is arguably the easiest path forward.

Hopefully this information is helpful.

Good luck with your project.

Dr. Greg