On Wed, Mar 29, 2017 at 7:26 PM, Ted Zlatanov <[email protected]> wrote:
> Hello! I am evaluating the integration of the GnuTLS cryptographic
> functions into Emacs. My alternative is to use Nettle directly but I'd
> rather use the GnuTLS API.
> There are a few issues.
>
> I found myself unable to list the ciphers, MACs, and digests supported.
> Nettle exposes those lists but GnuTLS doesn't seem to. The problem with
> an explicit list is that I end up with [1] which will be either too
> limited (to support all platforms) or too aggressive. I don't think I
> could maintain that list long-term, since it could change with every
> GnuTLS release. How would you suggest I approach this for now?
> Individual ifdefs?

Hi,
 I am not sure how you intend to use such lists, run-time or
compile-time; however, would enumeration through the API be sufficient?
If yes, you may want to check the algorithm enumeration functions such
as gnutls_mac_list(), gnutls_cipher_list() etc.

> Also I had to manually map the MACs to the digests, there's no way to
> tell which MACs don't have associated digests.

There are separate gnutls_mac_list() and gnutls_digest_list() which can
be used to obtain the different sets.

> Similarly there's no way
> to tell which ciphers can be used for AEAD, but at least there's no

The gnutls_cipher_get_tag_size could be used to determine the AEAD
status (only AEAD ciphers have a tag).

regards,
Nikos
