[openssl-dev] Missing API features

Dr. Stephen Henson steve at openssl.org
Tue Apr 21 11:50:59 UTC 2015


On Mon, Apr 20, 2015, Richard Moore wrote:

> On 20 April 2015 at 21:25, Salz, Rich <rsalz at akamai.com> wrote:
> 
> >  What is the information you're looking for? "kx=X25519" or kx="2KRSA"
> >  or ... ?  I picked those because sometimes there's a keysize, and other
> > times it's implicit, for example.  The internal table is going to need
> > restructuring.
> >
> 
> In the case of Qt both of those would work - the API we provide looks like
> this: http://doc.qt.io/qt-5/qsslcipher.html
> The basic idea is to provide the information to people using the API so
> that they can use it when describing the cipher to users. To be honest, I'm
> not sure how much of this users will actually understand in practice, but
> that's a different problem.
> 

I think what would be useful here would be an API that can determine
appropriate characteristics of an SSL_CIPHER. For example a NID
corresponding to the key exchange algorithm, signer, cipher and MAC. We have
to find this stuff out internally but there is no exposed API to do this.

Enough for an application to write its own version of SSL_CIPHER_description
for example.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
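
Added example, not part of the original message and not OpenSSL project code: OpenSSL 1.1.0 and later provide per-cipher NID accessors (SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid), and Python's ssl module reports the same components through SSLContext.get_ciphers(). The code below builds an application-side description from those fields in place of SSL_CIPHER_description; the SAMPLE_* entries, helper names and output wording are constructed for illustration.

```python
import ssl

# Constructed sample entries in the shape returned by SSLContext.get_ciphers().
SAMPLE_TLS12 = {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
                "kea": "kx-ecdhe", "auth": "auth-rsa", "symmetric": "aes-256-gcm",
                "digest": None, "aead": True, "strength_bits": 256}
SAMPLE_TLS13 = {"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3",
                "kea": "kx-any", "auth": "auth-any", "symmetric": "aes-128-gcm",
                "digest": None, "aead": True, "strength_bits": 128}


def component(value, prefix):
    """Turn 'kx-ecdhe' / 'auth-rsa' into a short label for display."""
    if value is None:
        # Field absent: the ssl module was built against a library without it.
        return "unknown"
    name = value[len(prefix):] if value.startswith(prefix) else value
    # TLS 1.3 suites do not fix key exchange or signature algorithm.
    return "negotiated separately" if name == "any" else name


def describe(cipher):
    """Build a one-line description from the per-component fields."""
    if cipher.get("aead"):
        mac = "AEAD"  # integrity comes from the cipher mode, no separate MAC
    else:
        mac = cipher.get("digest") or "unknown"
    return ("{0} ({1}): key exchange {2}, authentication {3}, "
            "cipher {4} ({5}-bit), MAC {6}").format(
        cipher["name"], cipher["protocol"],
        component(cipher.get("kea"), "kx-"),
        component(cipher.get("auth"), "auth-"),
        cipher.get("symmetric") or "none",
        cipher.get("strength_bits", 0), mac)


def describe_enabled(ctx=None):
    """Describe every cipher enabled on a context (default client context)."""
    ctx = ctx or ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return [describe(c) for c in ctx.get_ciphers()]


if __name__ == "__main__":
    for line in describe_enabled():
        print(line)
```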