> Continuing with the problems of making structs opaque, currently the API for
> querying the information about ciphers is quite weak. Only
> SSL_CIPHER_description provides access to data such as the key exchange
> method, and parsing a string to obtain this information seems daft. We're
> missing API for: key exchange, authentication method, encryption algorithm,
> MAC and the export flag.

(Man, Outlook makes it hard to NOT top-post. Sigh.)

Since all of those are implied by the cipher spec, could we just have an API to return the two-byte cipher identifier? (That would break if TLS 1.3 moves to "a la carte" selection, but I doubt that will happen.) Export is gone :) And what's the MAC if using an AEAD cipher like AES-GCM?

> It's also worth noting that SSL_CIPHER_get_version and SSL_CIPHER_description
> should probably be returning const char * not char *.

Yes, is that a bug to backport or just fix in master, you think?

--
Senior Architect, Akamai Technologies
IM: [email protected] Twitter: RichSalz
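
An added illustration, not part of the original message or of OpenSSL's code: what a caller has to do to recover the key exchange, authentication, encryption and MAC fields from the text that SSL_CIPHER_description returns. The names `cipher_info`, `get_field` and `parse_cipher_description` are hypothetical, and the two sample lines are constructed in the layout that function prints.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical holder for the fields in one SSL_CIPHER_description() line. */
struct cipher_info {
    char name[64], version[16], kx[16], au[16], enc[24], mac[16];
    int is_export;
};
/* Constructed sample lines in the "name version Kx= Au= Enc= Mac=" layout. */
static const char *SAMPLE_GCM =
    "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD\n";
static const char *SAMPLE_EXPORT =
    "EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export\n";
/* Copy the token that follows key (e.g. " Kx=") up to the next whitespace. */
static int get_field(const char *line, const char *key, char *out, size_t outlen)
{
    const char *p = strstr(line, key);
    if (p == NULL)
        return 0;
    p += strlen(key);
    size_t n = strcspn(p, " \t\r\n");
    if (n == 0 || n >= outlen)
        return 0;               /* empty, or would overflow out: reject */
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* Returns 1 on success, 0 when the line does not match the expected layout. */
int parse_cipher_description(const char *line, struct cipher_info *ci)
{
    memset(ci, 0, sizeof(*ci));
    if (sscanf(line, "%63s %15s", ci->name, ci->version) != 2)
        return 0;
    if (!get_field(line, " Kx=", ci->kx, sizeof(ci->kx)) || !get_field(line, " Au=", ci->au, sizeof(ci->au)) ||
        !get_field(line, " Enc=", ci->enc, sizeof(ci->enc)) || !get_field(line, " Mac=", ci->mac, sizeof(ci->mac)))
        return 0;
    ci->is_export = strstr(line, " export") != NULL;
    return 1;
}

int main(void)
{
    const char *lines[] = { SAMPLE_GCM, SAMPLE_EXPORT };
    struct cipher_info ci;
    for (int i = 0; i < 2; i++)
        if (parse_cipher_description(lines[i], &ci))
            printf("%-28s kx=%s mac=%s export=%d\n", ci.name, ci.kx, ci.mac, ci.is_export);
    return 0;
}
```

For the AES-GCM sample the MAC field comes back as the literal string `AEAD`, so a caller comparing it against digest names has to special-case it.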
