lib/vtls/sectransp.c: Specify cipher name for Mac Secure Transport back-end #6464
Conversation
|
Isn't the cipher names and info better put in |
Yes, I just want to finish the table first and then merge it to the existing file. It is more convenient for me right now. The new table has more information and I prefer to send it as a new file. If reviewers agree the information is useful and format is good enough, etc, I'll definitely merge it into the CIPHERS.md Question. I did not work on wide tables in .MD format before. Looks it is not very nice to scroll it right/left on the github. Do you see better way to present that information? Maybe split it to several tables or use some HTML tables instead?
I'll add references. Thank you for review! :) |
mkolechkin
changed the title
|
I made several commits, probably I better summarize them here. I updated PR based on comments, commit cc7f8f7 addresses most of them. Please take a look. |
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST) back-end. Similar to NSS and GSKit back-ends, new code parses string value and configures ST library to use those ciphers for communication. Create cipher spec data structure and initialize the array of specs with cipher number, name, alias, and 'weak' flag. Mark triple-DES ciphers as 'weak', and exclude them from the default ciphers list. PR curl#6464 Fix some comments. Fix iOS defines.
mkolechkin
force-pushed
the
mkolechkin
branch
from
94abe32
to
6e5dc08
Compare
Thank you for your help! |
|
I'm ready to merge once the feature window opens again. If all goes well, that's on Monday April 5th. |
|
Thanks! |
|
Thank you, Daniel and Nick! |
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NNS and GSKit back-ends, new code parses string
value and configures ST library to use those ciphers for communication.
Create cipher spec data structure and initialize array of specs with
cipher number, names and flag. That array allows to add/modify ciphers
in one place instead of several functions in code. The flag is binary
value for backward compatibility with an existing wrapper
implementation. It can be extended later for other purposes like
support of specific TLS version.
Code change required some analysis of macOS SDK versions, we need to
know when one or another value of enum in macOS SDK was introduced,
and some other data. I created the TLS-CIPHERS.md file to summarize
that data I found and to add some more information about ciphers
could useful for others. That document is not completely ready yet
and I just want your opinion on it.