lib/vtls/sectransp.c: Specify cipher name for Mac Secure Transport back-end #6464
Isn't the cipher names and info better put in
Yes, I just want to finish the table first and then merge it into the existing file. It is more convenient for me right now. The new table has more information and I prefer to send it as a new file. If reviewers agree the information is useful and the format is good enough, etc., I'll definitely merge it into CIPHERS.md.

Question: I have not worked on wide tables in .MD format before. It looks like it is not very nice to scroll right/left on GitHub. Do you see a better way to present that information? Maybe split it into several tables or use some HTML tables instead?

I'll add references. Thank you for the review! :)
Thank you for your contribution. I've got a few changes I'd like you to make.
Good; the latest changes are no longer generating a failing grade when I try them on howsmyssl.com's analyzer API. I found some typos in the code.
You're very close; you just have typos and a security flaw to cover now. Again, thanks for your work on this so far.
I made several commits, so I should probably summarize them here. I updated the PR based on comments; commit cc7f8f7 addresses most of them. Please take a look.
I made one more pass through this, and found one more typo in the comments. Otherwise, this is looking good.
All right, this looks good. Can you squash this please? @bagder , do you want to review?
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST) back-end. Similar to NSS and GSKit back-ends, new code parses string value and configures ST library to use those ciphers for communication. Create cipher spec data structure and initialize the array of specs with cipher number, name, alias, and 'weak' flag. Mark triple-DES ciphers as 'weak', and exclude them from the default ciphers list. PR curl#6464 Fix some comments. Fix iOS defines.
94abe32 to 6e5dc08
Thank you for your help!
I'm ready to merge once the feature window opens again. If all goes well, that's on Monday April 5th.
Thanks!
Thank you, Daniel and Nick!
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NSS and GSKit back-ends, new code parses string
value and configures ST library to use those ciphers for communication.
Create cipher spec data structure and initialize array of specs with
cipher number, names and flag. That array allows to add/modify ciphers
in one place instead of several functions in code. The flag is binary
value for backward compatibility with an existing wrapper
implementation. It can be extended later for other purposes like
support of specific TLS version.
Code change required some analysis of macOS SDK versions, we need to
know when one or another value of enum in macOS SDK was introduced,
and some other data. I created the TLS-CIPHERS.md file to summarize
the data I found and to add some more information about ciphers
that could be useful for others. That document is not completely ready yet
and I just want your opinion on it.
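
The design described in the PR text (one spec array holding cipher number, names and a 'weak' flag, consulted by both the default list and the `CURLOPT_SSL_CIPHER_LIST` parser) can be sketched as follows. This is an added example, not the PR's or curl's code: the struct, the function names, the five-entry table, the `:`/`,`/space separators and the fail-closed handling of unknown names are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct cipher_spec {            /* hypothetical layout, not curl's */
  uint16_t num;                 /* IANA cipher suite number */
  const char *name;             /* IANA name */
  const char *alias;            /* OpenSSL-style alias */
  int weak;                     /* 1 = kept out of the default list */
};
/* Constructed subset; triple-DES suites carry the weak flag. */
static const struct cipher_spec specs[] = {
  {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "DES-CBC3-SHA", 1},
  {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA", "AES128-SHA", 0},
  {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-DES-CBC3-SHA", 1},
  {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES256-GCM-SHA384", 0},
  {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256", 0},
};
#define NSPECS (sizeof(specs) / sizeof(specs[0]))

/* Default selection: every table entry that is not flagged weak. */
size_t default_ciphers(uint16_t *out, size_t max)
{
  size_t n = 0;
  for(size_t i = 0; i < NSPECS && n < max; i++)
    if(!specs[i].weak)
      out[n++] = specs[i].num;
  return n;
}
static int matches(const char *s, const char *tok, size_t len)
{
  return strlen(s) == len && memcmp(s, tok, len) == 0;
}
/* Parse a user list into suite numbers, in the order given. Returns the
   count, or -1 on an unknown token or overflow, so a typo never silently
   widens or empties the selection. Assumption: a weak cipher named
   explicitly is honoured; the page only excludes them from the default. */
int parse_cipher_list(const char *list, uint16_t *out, size_t max)
{
  size_t n = 0;
  for(const char *p = list; *p; ) {
    size_t len = strcspn(p, ":, "), i = 0;
    if(len) {
      while(i < NSPECS && !matches(specs[i].name, p, len) &&
            !matches(specs[i].alias, p, len))
        i++;
      if(i == NSPECS || n == max)
        return -1;
      out[n++] = specs[i].num;
    }
    p += len + (p[len] != '\0');   /* skip the token and one separator */
  }
  return (int)n;
}
```
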