[gnutls-help] gnutls_protocol_get_name() and session resumption
Jeremy Harris
jgh at wizmail.org
Sun Apr 14 21:18:44 CEST 2019
On 14/04/2019 15:09, Nikos Mavrogiannopoulos wrote:
> On Sat, Apr 13, 2019 at 8:20 PM Jeremy Harris <jgh at wizmail.org> wrote:
>> GnuTLS 3.6.7
>>
>> On resuming a TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256 session
>> I'm getting a reported ciphersuite TLS1.3:NULL:256
>>
>> The "NULL" derives from gnutls_cipher_suite_get_name() and
>> the difference from the original is that the kx has changed
>> from 12 (GNUTLS_KX_ECDHE_RSA) to 14 (GNUTLS_KX_ECDHE_PSK).
>>
>>
>> Should I be using gnutls_kx_get_name() (&c for cipher and mac)
>> separately, rather than gnutls_cipher_suite_get_name() ?
>
> There are no key exchange methods under TLS1.3, or they are kind of
> implied, that's why you see null there. I'd recommend to use
> gnutls_session_get_desc() which gives a description applicable for
> gnutls but uniform across versions.
Using that, the original connection gets
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
and the resumed session gets
(TLS1.3)-(ECDHE-PSK-SECP256R1)-(AES-256-GCM)
Assuming the ECDHE is "implied by the TLS1.3" and the PSK part
is saying the key was shared by the initial connection...
what has happened to the cipher?
--
Thanks,
Jeremy
More information about the Gnutls-help
mailing list