[gnutls-devel] cipher suites

Stefan Bühler stbuehler at lighttpd.net
Sun Oct 20 20:15:50 CEST 2013


Hi,

On Sun, 13 Oct 2013 15:36:40 +0200
Stefan Bühler <stbuehler at lighttpd.net> wrote:
> combinations that should be easy (only need to fill ciphersuites.c):
> [...]
> TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
> TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
> TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
> TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
> TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
> TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
> TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256
> TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384
> TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
> TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
> TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
> TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
> TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
> TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
> TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
> TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
> TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
> TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
> [...]

I was wrong; although nettle supports GCM with all 128-bit block
ciphers, the Camellia-{128,256}-GCM ciphers are not listed in the
supported cipher list in GnuTLS yet.

As I recently learned that GnuTLS (sometimes) does its own AES/GCM stuff
due to AES-NI, I'm not sure how hard it would be to combine the AES-NI
GCM implementation with the Camellia implementation from nettle.

(Also it'd be really nice to have AES-NI accelerated AES/GCM in
nettle instead - I think it belongs there :) )


Also I wanted to ask about the state of the (ESTREAM)-Salsa20
ciphersuites.
The draft at http://tools.ietf.org/html/draft-josefsson-salsa20-tls-02
expired some days ago, and the numbers GnuTLS is using for them (0xE4,
0x10-0x39) are not actually private - they are just unassigned.
(According to
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
only (0xFF,0x00-0xFF) is reserved for private use).

regards,
Stefan
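A small audit check illustrating the code-point concern raised in this post (example code added here, not GnuTLS's own): it parses a ClientHello cipher_suites vector and classifies each code point as IANA-assigned, private-use (the 0xFF,* range) or unassigned, the last being the collision risk the post describes. The registry excerpt and the sample vector are constructed for the example.

```python
import struct

# Constructed excerpt of the IANA TLS Cipher Suite registry; extend it from
# the registry linked in the post for a real audit.
IANA_ASSIGNED = {
    (0x00, 0x2F): "TLS_RSA_WITH_AES_128_CBC_SHA",
    (0xC0, 0x2F): "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    (0x00, 0xFF): "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}


def classify(hi, lo):
    """Relate a cipher-suite code point (hi, lo) to the IANA registry."""
    if (hi, lo) in IANA_ASSIGNED:
        return "assigned"
    if hi == 0xFF:
        return "private-use"   # the only range IANA reserves for private use
    return "unassigned"        # IANA may hand this out later: collision risk


def audit_cipher_suites(vector):
    """Parse a ClientHello cipher_suites vector (2-byte length prefix, then
    2-byte code points) and return (code_point, status, name) per suite."""
    (length,) = struct.unpack("!H", vector[:2])
    body = vector[2:2 + length]
    if len(body) != length or length % 2:
        raise ValueError("malformed cipher_suites vector")
    findings = []
    for i in range(0, length, 2):
        hi, lo = body[i], body[i + 1]
        name = IANA_ASSIGNED.get((hi, lo), "?")
        findings.append(((hi, lo), classify(hi, lo), name))
    return findings


def unassigned_points(vector):
    """Only the code points a future IANA assignment could collide with."""
    return [cp for cp, status, _ in audit_cipher_suites(vector)
            if status == "unassigned"]


# Constructed sample: two registered suites, one private-use code point and
# one of the experimental Salsa20 points the post mentions (0xE4,0x10).
SAMPLE = bytes([0x00, 0x08, 0xC0, 0x2F, 0x00, 0x2F, 0xFF, 0x01, 0xE4, 0x10])

if __name__ == "__main__":
    for cp, status, name in audit_cipher_suites(SAMPLE):
        print("0x%02X,0x%02X  %-12s %s" % (cp[0], cp[1], status, name))
```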
