On Tue, Mar 10, 2015 at 12:05:51AM +0100, Alessandro Ghedini wrote:
> Instead of printing cipher and MAC algorithm names separately, print the whole
> cipher suite string which also includes the key exchange algorithm.
>
> This is how the OpenSSL and NSS backends do it.
Actually, the attached patch is probably better: it prints both the TLS version and the cipher suite name just like the OpenSSL backend does. Pick the one you like better I guess. Cheers
From cd53cfc1b3f6c3bef88895ddb70c7a83587a9678 Mon Sep 17 00:00:00 2001 From: Alessandro Ghedini <[email protected]> Date: Mon, 9 Mar 2015 23:52:16 +0100 Subject: [PATCH] gtls: print negotiated TLS version and full cipher suite name Instead of priting cipher and MAC algorithms names separately, print the whole cipher suite string which also includes the key exchange algorithm, along with the negotiated TLS version. --- lib/vtls/gtls.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 19c659f..aeaef82 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -775,6 +775,16 @@ gtls_connect_step3(struct connectdata *conn, #endif CURLcode result = CURLE_OK; + gnutls_protocol_t version = gnutls_protocol_get_version(session); + + /* the name of the cipher suite used, e.g. ECDHE_RSA_AES_256_GCM_SHA384. */ + ptr = gnutls_cipher_suite_get_name(gnutls_kx_get(session), + gnutls_cipher_get(session), + gnutls_mac_get(session)); + + infof(data, "SSL connection using %s / %s\n", + gnutls_protocol_get_name(version), ptr); + /* This function will return the peer's raw certificate (chain) as sent by the peer. These certificates are in raw format (DER encoded for X.509). In case of a X.509 then a certificate list may be present. The @@ -1014,7 +1024,6 @@ gtls_connect_step3(struct connectdata *conn, /* Show: - - ciphers used - subject - start date - expire date 
@@ -1054,14 +1063,6 @@ gtls_connect_step3(struct connectdata *conn, /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */ infof(data, "\t compression: %s\n", ptr); - /* the name of the cipher used. ie 3DES. */ - ptr = gnutls_cipher_get_name(gnutls_cipher_get(session)); - infof(data, "\t cipher: %s\n", ptr); - - /* the MAC algorithms name. ie SHA1 */ - ptr = gnutls_mac_get_name(gnutls_mac_get(session)); - infof(data, "\t MAC: %s\n", ptr); - #ifdef HAS_ALPN if(data->set.ssl_enable_alpn) { rc = gnutls_alpn_get_selected_protocol(session, &proto); -- 2.1.4
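Review bot: In the first hunk (gtls_connect_step3(), the new block after `CURLcode result = CURLE_OK;`), the results of gnutls_protocol_get_name() and gnutls_cipher_suite_get_name() are passed straight to the two `%s` conversions of infof() without a NULL check. Both GnuTLS functions are documented to return NULL when they have no name for the given version or algorithm combination, so I would guard each argument, e.g. `ptr ? ptr : "(unknown)"`, before the call. The new line is also emitted before the peer certificate is fetched and inspected, while the removed `\t cipher:` and `\t MAC:` lines sat in the tab-indented block further down; if the earlier position and the changed output format are intended to mirror the OpenSSL backend, it would help to say so in the commit message.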
