[gnutls-devel] [RFC] Relaxing cipher suite (priority) string requirements

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jan 26 11:24:38 CET 2013

On 01/26/2013 06:38 AM, Jouko Orava wrote:

>> I think the idea of simplifying the rules is a nice one.
> Thanks!
> Perhaps the lib/gnutls_priority.c:prio_remove() and optional "+" in
> priority strings should be separated into simpler patches for now?

Yes that would be great.

> Suggested but untested patches are attached.

Ouch. I cannot test them now (may take some time), but if you add a test
in tests/ it would speed things up. The test can simply use gnutls-cli -l
--priority XXX, for a few typical strings and some corner cases, and
verify that the expected values are present.

> I'll post a separate message expanding on my ideas for enhancing the
> priority string parsing.

>>>   - Allow full cipher names, adding/removing cipher, mac, and kx

>> This is tricky. Although I don't think we are going to have a cipher
>> called SHA1, I was afraid of collisions and that's why we have this
>> awkward format. E.g. what does the +NULL mean? the NULL cipher? or
>> compression? How could you handle that?
> No, I meant that users seem to expect being able to specify e.g.
> TLS_RSA_AES_256_CBC_SHA1 as a priority string. The untested patch
> is supposed to detect that string as it matches the name entry in
> cs_algorithms[], and add the cipher, mac, and kx from that entry
> to the respective priority lists.

> In other words, priority string
> should have the same effect as
> 	+RSA:+AES_256_CBC:+SHA1

That's dangerous. TLS_RSA_AES_256_CBC is very different from +TLS1.0
+RSA +AES-256-CBC. The latter sets the order for the individual ciphers
while the former only for that specific ciphersuite. The idea of setting
priorities for individual ciphers was to avoid even introducing the
notion of ciphersuites to the users/admins. They don't need to know and
everyone (hopefully) knows the individual ciphers.

However, setting specific ciphersuites was my reason for switching to
priority strings (even though it was never implemented). It needs some
work, but the main idea is to generate the list of ciphersuite numbers
in gnutls_priority_set(), and later be used in the handshake.

Now the current behavior is to generate the ciphersuite numbers during
the handshake.

So if ciphersuite names are to be allowed in the string, the above has
to be done.
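
Added example, not part of the original message and not GnuTLS code: a toy model of the distinction drawn above between per-algorithm priority lists and a single named ciphersuite. The suite table, the function names and the ordering rule (nested kx, cipher, MAC priority) are assumptions made for illustration.

```python
from itertools import product

# Constructed table in the style of the suite name quoted in the thread.
# It is illustrative only and is not GnuTLS's cs_algorithms[].
_TABLE = [
    ("TLS_RSA_AES_256_CBC_SHA1", "RSA", "AES-256-CBC", "SHA1"),
    ("TLS_RSA_AES_128_CBC_SHA1", "RSA", "AES-128-CBC", "SHA1"),
    ("TLS_DHE_RSA_AES_256_CBC_SHA1", "DHE-RSA", "AES-256-CBC", "SHA1"),
    ("TLS_DHE_RSA_AES_128_CBC_SHA1", "DHE-RSA", "AES-128-CBC", "SHA1"),
    ("TLS_RSA_ARCFOUR_128_MD5", "RSA", "ARCFOUR-128", "MD5"),
]
SUITES = {(kx, cipher, mac): name for name, kx, cipher, mac in _TABLE}


def enabled_suites(kx, ciphers, macs):
    """Suites implied by three independent priority lists (cross product)."""
    return [SUITES[c] for c in product(kx, ciphers, macs) if c in SUITES]


def add_by_expansion(lists, suite_name):
    """Treat a suite name as +KX:+CIPHER:+MAC appended to the existing lists."""
    parts = next(k for k, n in SUITES.items() if n == suite_name)
    return tuple(l if p in l else l + [p] for l, p in zip(lists, parts))


def compare(base, suite_name):
    """Return (before, after expansion, after explicit add, unintended)."""
    before = enabled_suites(*base)
    expanded = enabled_suites(*add_by_expansion(base, suite_name))
    # Explicit handling: keep a list of suites and append exactly one entry.
    explicit = before + [suite_name]
    unintended = [s for s in expanded if s not in explicit]
    return before, expanded, explicit, unintended


if __name__ == "__main__":
    # Constructed starting policy: DHE-RSA key exchange, AES-128-CBC, SHA1.
    base = (["DHE-RSA"], ["AES-128-CBC"], ["SHA1"])
    before, expanded, explicit, unintended = compare(
        base, "TLS_RSA_AES_256_CBC_SHA1")
    print("before:    ", before)
    print("expanded:  ", expanded)
    print("explicit:  ", explicit)
    print("unintended:", unintended)
```

In this model, expanding the name into its three components enables two suites that were never named, which is why an explicit ciphersuite list has to be built separately from the per-algorithm lists.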
