[gnutls-devel] GnuTLS | API function to get ciphersuite name (#1291)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Nov 27 15:10:32 CET 2021 


Michael Catanzaro created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1291



## Description of the feature:

It would be nice if GnuTLS had an easy way to get the name of the current ciphersuite in use by a gnutls_session_t ([suggested by Daiki](https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/194#note_1321126)).

## Applications that this feature may be relevant to:

glib-networking would use this.

## Is this feature implemented in other libraries (and which)

The current glib-networking implementation does:

```
static gchar *
get_ciphersuite_name (gnutls_session_t session)
{
  gnutls_protocol_t protocol_version = gnutls_protocol_get_version (session);
  char *cipher_name;
  char *result;

  if (protocol_version <= GNUTLS_TLS1_2 ||
      (protocol_version >= GNUTLS_DTLS0_9 && protocol_version <= GNUTLS_DTLS1_2))
    {
      return g_strdup (gnutls_cipher_suite_get_name (gnutls_kx_get (session),
                                                     gnutls_cipher_get (session),
                                                     gnutls_mac_get (session)));
    }

  cipher_name = g_strdup (gnutls_cipher_get_name (gnutls_cipher_get (session)));
  for (char *c = cipher_name; *c != '\0'; c++)
    {
      if (*c == '-')
        *c = '_';
    }

  result = g_strdup_printf ("TLS_%s_%s",
                            cipher_name,
                            gnutls_digest_get_name (gnutls_prf_hash_get (session)));
  g_free (cipher_name);

  return result;
}
```

Ideally we would replace all that with one call to GnuTLS.

Additionally, for TLS 1.2, that returns the "GnuTLS" name of the ciphersuite, which is different from the standard IANA names. The new API should probably always return the standard, IANA-style ciphersuite names.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1291
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20211127/a6c1bde6/attachment.html>

More information about the Gnutls-devel mailing list