What is the information you're looking for? "kx=X25519" or kx="2KRSA"  or ... ? 
 I picked those because sometimes there's a keysize, and other times it's 
implicit, for example.  The internal table is going to need restructuring.

--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz

From: Richard Moore [mailto:richmoor...@gmail.com]
Sent: Monday, April 20, 2015 4:22 PM
To: openssl-dev@openssl.org
Subject: Re: [openssl-dev] Missing API features

On 20 April 2015 at 15:33, Salz, Rich <rs...@akamai.com> wrote:
> Continuing with the problems of making structs opaque, currently the API for
> querying the information about ciphers is quite weak. Only
> SSL_CIPHER_description provides access to data such as the key exchange
> method, and parsing a string to obtain this information seems daft. We're
> missing API for: key exchange, authentication method, encryption algorithm,
> MAC and the export flag.

(Man, outlook makes it hard to NOT top-post.  Sigh.)

Since all of those are implied by the cipher spec, could we just have an API to 
return the two-byte cipher identifier?  (That would break if TLS 1.3 moves to 
"a la carte" selection, but I doubt that will happen.)  Export is gone :)  And 
what's the MAC if using an AEAD cipher like AES-GCM?

Just returning the cipher id would mean every app needs to replicate the table 
that openssl already has, and keep it updated. Doesn't seem like a good plan to 
me. According to the current code in openssl the 'MAC' when using AES-GCM is 
AEAD - not ideal perhaps, but what we've got.


> It's also worth noting that SSL_CIPHER_get_version and SSL_CIPHER_description 
> should probably be returning const char * not char *.

Yes, is that a bug to backport or just fix in master, you think?

Changing the return type here should be binary compatible on any sane platform, 
but it might cause source incompatibilities.

Cheers

Rich.
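The thread above argues that the only way to learn a cipher's key exchange, authentication, encryption and MAC is to parse the SSL_CIPHER_description() string, and that for AES-GCM that string reports the MAC as AEAD. The parser below is an added example written for this page, not code from the thread or from OpenSSL; it works on constructed strings in the documented "Kx=... Au=... Enc=... Mac=..." layout so it runs without linking OpenSSL, and it shows how little the string format gives a caller to check.

```c
/* Added example: extract the Kx/Au/Enc/Mac fields of an
 * SSL_CIPHER_description() string.  The sample strings in main() are
 * constructed to match the format OpenSSL 1.0.x prints. */
#include <stdio.h>
#include <string.h>

struct cipher_info {
    char kx[32];   /* key exchange, e.g. "ECDH" */
    char au[32];   /* authentication, e.g. "RSA" */
    char enc[32];  /* encryption, e.g. "AESGCM(128)" */
    char mac[32];  /* MAC, or "AEAD" when the cipher is an AEAD mode */
};

/* Copy the value after "key" (e.g. "Kx=") into out; return 0 if absent
 * or too long.  The value ends at the next space or newline. */
static int get_field(const char *desc, const char *key, char *out, size_t outlen)
{
    const char *p = strstr(desc, key);
    size_t n;

    if (p == NULL)
        return 0;
    p += strlen(key);
    n = strcspn(p, " \n");
    if (n == 0 || n >= outlen)
        return 0;
    memcpy(out, p, n);
    out[n] = '\0';
    return 1;
}

/* Returns 1 when all four fields were found, 0 otherwise. */
int parse_cipher_description(const char *desc, struct cipher_info *ci)
{
    memset(ci, 0, sizeof(*ci));
    return get_field(desc, "Kx=", ci->kx, sizeof ci->kx)
        && get_field(desc, "Au=", ci->au, sizeof ci->au)
        && get_field(desc, "Enc=", ci->enc, sizeof ci->enc)
        && get_field(desc, "Mac=", ci->mac, sizeof ci->mac);
}

/* AEAD ciphers carry no separate MAC; the description says "Mac=AEAD". */
int cipher_is_aead(const struct cipher_info *ci)
{
    return strcmp(ci->mac, "AEAD") == 0;
}

int main(void)
{
    /* constructed sample, not captured from a live library */
    const char *desc = "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     "
                       "Au=RSA  Enc=AESGCM(128) Mac=AEAD\n";
    struct cipher_info ci;

    if (parse_cipher_description(desc, &ci))
        printf("kx=%s au=%s enc=%s mac=%s aead=%d\n",
               ci.kx, ci.au, ci.enc, ci.mac, cipher_is_aead(&ci));
    return 0;
}
```

Note that the parser cannot tell an ECDHE curve or a key size apart from the "Kx=ECDH" token, which is exactly the restructuring problem the reply at the top of the thread mentions.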

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev