[gnutls-devel] [RFC] Relaxing cipher suite (priority) string requirements

Jouko Orava jouko.orava at helsinki.fi
Fri Feb 1 18:55:45 CET 2013


> >  For example, using "PERFORMANCE:!EXPORT"
>
> I do believe that this will cause more confusion with the currently
> available levels, but could be useful when we have more levels that
> act more like a group of ciphers.

Fully agreed.

> Let's then rename level to cipher-group (or ciphersuite-group) to
> signify better its purpose.

Yes, this sounds very sensible and good to me.

> I think the best would be a description that could be part of the
> manual (so that there is no double work to port it there). However,
> would you be interested in implementing it? I could help with that if
> needed.

Absolutely; it has been my intention all along to write the necessary
code. I just didn't want to write it first, then find out the overall
logic is completely unacceptable, or worse: worthless, unusable.

I'll write some patches, include the description of the functionality in
the patch descriptions, and submit them to the list for further
development.

(Give me a few days, though, as I need to set up a test environment first,
to test the priority strings and resulting connection properties more easily.)

I expect the patches will need some work (at least to better integrate
to the style and flow of the GnuTLS code overall, as I'm not as familiar
with the codebase yet as I'd like), so the more eyes and minds,
the better.

Best regards,
  Jouko


