[gnutls-help] gnutls_protocol_get_name() and session resumption

Jeremy Harris jgh at wizmail.org
Sun Apr 14 21:18:44 CEST 2019

On 14/04/2019 15:09, Nikos Mavrogiannopoulos wrote:
> On Sat, Apr 13, 2019 at 8:20 PM Jeremy Harris <jgh at wizmail.org> wrote:
>> GnuTLS 3.6.7
>> On resuming a TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 session
>> I'm getting a reported ciphersuite TLS1.3:NULL:256
>> The "NULL" derives from gnutls_cipher_suite_get_name() and
>> the difference from the original is that the kx has changed
>> Should I be using gnutls_kx_get_name() (&c for cipher and mac)
>> separately, rather than gnutls_cipher_suite_get_name() ?
> There are no key exchange methods under TLS1.3, or they are kind of
> implied, that's why you see null there. I'd recommend using
> gnutls_session_get_desc() which gives a description applicable for
> gnutls but uniform across versions.

Using that, the original connection gets
and the resumed session gets

Assuming the ECDHE is "implied by the TLS1.3" and the PSK part
is saying the key was shared by the initial connection...
what has happened to the cipher?
