[openssl-dev] Missing API features
Salz, Rich
rsalz at akamai.com
Mon Apr 20 14:33:55 UTC 2015
> Continuing with the problems of making structs opaque, currently the API for querying the information about ciphers is quite weak. Only SSL_CIPHER_description provides access to data such as the key exchange method, and parsing a string to obtain this information seems daft. We're missing API for: key exchange, authentication method, encryption algorithm, MAC and the export flag.
(Man, Outlook makes it hard to NOT top-post. Sigh.)
Since all of those are implied by the cipher spec, could we just have an API to return the two-byte cipher identifier? (That would break if TLS 1.3 moves to "a la carte" selection, but I doubt that will happen.) Export is gone :) And what's the MAC if using an AEAD cipher like AES-GCM?
> It's also worth noting that SSL_CIPHER_get_version and SSL_CIPHER_description should probably be returning const char * not char *.
Yes, is that a bug to backport or just fix in master, you think?
--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz