[gnutls-devel] BNF of priority strings
nmav at gnutls.org
Sat Jan 26 14:35:19 CET 2013
On 01/26/2013 01:53 PM, Jouko Orava wrote:
> As a step towards "better" priority string logic,
> I built a BNF spec of the existing priority strings.
> Three comments, though:
> 1. Since the NULL MAC string is "MAC-NULL",
> it has to be specified as "MAC-MAC-NULL".
> I don't know if anyone ever needs to specify it, though.
Nice catch, but it was intentional. MAC-NULL cannot be set in TLS (there
are no ciphersuites with such a MAC).
> 2. Commit 8d69e1bd9e61cc0b390ca987fd66ec2aad9c0d3c
> states that it adds elliptic curve SECP512R1,
> but it actually adds "SECP521R1". 512 != 521.
> Either the comment or the code is wrong.
It's a typo on the commit message. The curve is 521 bits long.
> 3. All "...-ALL" accept any extra suffix
> (not containing a colon). In other words,
> "CURVE-ALLISON" is the same as "CURVE-ALL",
> as the "...-ALL..." are checked before the
> more specific ones.
> In practice, any name starting with "ALL"
> is impossible to specify.
I think that this could be easily changed, or not?
> The BNF for specifying a priority string:
Looks correct to me.
An interesting use for your BNF description would be to use it to check
the current priority parsing code. That would work if there is a tool that
takes a BNF and outputs valid random strings.
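The two parsing quirks raised in the thread (the doubled "MAC-MAC-NULL" form, and "...-ALL" being checked as a prefix so that "CURVE-ALLISON" resolves to "CURVE-ALL") can be modelled in a few lines. The following is an added illustration, not GnuTLS's own parser; its keyword tables are small constructed subsets, and the `exact_all` switch contrasts the prefix behaviour with an exact-suffix check.

```python
"""Model of the '...-ALL' keyword matching discussed in the thread.

Constructed, simplified illustration; not GnuTLS code. The keyword tables
are hypothetical subsets chosen to show the two points raised.
"""

# Constructed keyword tables: category prefix -> known algorithm names.
KEYWORDS = {
    "CURVE": {"SECP256R1", "SECP384R1", "SECP521R1"},
    "MAC": {"SHA1", "SHA256", "MAC-NULL"},
}


def parse_token(token, exact_all=True):
    """Resolve one colon-separated keyword such as 'CURVE-ALL' or 'MAC-SHA256'.

    exact_all=False models the lax behaviour described in the thread: the
    '...-ALL' test is a prefix test, so 'CURVE-ALLISON' resolves to
    'CURVE-ALL' and no name beginning with 'ALL' can ever be selected.
    exact_all=True requires 'ALL' to be the entire suffix.
    """
    category, sep, name = token.partition("-")
    if not sep or category not in KEYWORDS:
        raise ValueError(f"unknown keyword: {token!r}")
    names = KEYWORDS[category]
    is_all = name == "ALL" if exact_all else name.startswith("ALL")
    if is_all:
        return category, sorted(names)
    # The NULL MAC is itself named 'MAC-NULL', so after stripping the
    # 'MAC-' category prefix only the doubled form 'MAC-MAC-NULL' matches.
    if name in names:
        return category, [name]
    raise ValueError(f"unknown keyword: {token!r}")


def parse_priority(spec, exact_all=True):
    """Split a priority string on ':' and resolve every keyword in it."""
    result = {}
    for token in spec.split(":"):
        category, names = parse_token(token, exact_all)
        result.setdefault(category, []).extend(names)
    return result
```

With `exact_all=False` the misspelt keyword is silently accepted, which is exactly the class of input a BNF-driven random string generator would flush out when the generated strings are compared against the real parser's acceptance.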