[Swan-dev] runtime detection of NSS capabilities: SSL_GetImplementedCiphers()

Andrew Cagney andrew.cagney at gmail.com
Wed Mar 16 16:38:58 UTC 2016


Looking at the, er, documentation:

/* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];

/* the same as the above, but is a function */
SSL_IMPORT const PRUint16 *SSL_GetImplementedCiphers(void);

/* number of entries in the above table. */
SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;

/* the same as the above, but is a function */
SSL_IMPORT PRUint16 SSL_GetNumImplementedCiphers(void);

I suspect that will return something like:

    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

Otoh, if there is something we can call we'll be able to clean up our
crypto a bit by dropping the #ifdefs and instead probing everything at
runtime.  If nothing else, only enable algorithms if their test passes.

Andrew


On 16 March 2016 at 11:38, Paul Wouters <paul at nohats.ca> wrote:

>
> The function to check for cryptographic algorithms in NSS apparently
> is the function SSL_GetImplementedCiphers()
>
> Eg, we need to use that to see if we have CHACHA20/POLY1305 support in
> the future. Probably we also need it to test for various CCM algos
> needed to support IoT devices that we know aren't all in NSS yet.
>
> Paul
>
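Added example, not part of the thread and not libreswan or NSS code: a sketch of the "probe at runtime, enable only if the test passes" idea, using a table of TLS cipher-suite numbers like the one SSL_GetImplementedCiphers() is declared to return. The struct, the function names, the choice of suite number per algorithm and the sample table are assumptions made for illustration; in a real build the table and its length would come from SSL_GetImplementedCiphers() and SSL_GetNumImplementedCiphers().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* One row per optional algorithm, replacing a compile-time #ifdef (hypothetical type). */
struct algo {
    const char *name;
    uint16_t suite;          /* TLS cipher-suite number used as the probe (assumption) */
    bool (*selftest)(void);  /* known-answer test hook; NULL means "no test" */
    bool enabled;
};

/* True if `suite` appears in the implemented-suites table. */
static bool suite_implemented(const uint16_t *impl, uint16_t n, uint16_t suite)
{
    for (uint16_t i = 0; i < n; i++)
        if (impl[i] == suite)
            return true;
    return false;
}

/* Enable an algorithm only if the library lists it and its self-test passes.
 * Returns how many were enabled. */
static size_t probe_algos(struct algo *algos, size_t n_algos,
                          const uint16_t *impl, uint16_t n_impl)
{
    size_t count = 0;
    for (size_t i = 0; i < n_algos; i++) {
        struct algo *a = &algos[i];
        a->enabled = suite_implemented(impl, n_impl, a->suite) &&
                     (a->selftest == NULL || a->selftest());
        count += a->enabled;
    }
    return count;
}

/* Constructed sample data standing in for the NSS table and real self-tests. */
static const uint16_t sample_impl[] = { 0xC02B, 0xCCA9, 0x002F };
static bool kat_ok(void)   { return true; }
static bool kat_fail(void) { return false; }  /* simulates a failing test */
static struct algo sample_algos[] = {
    { "chacha20-poly1305", 0xCCA9, kat_ok,   false },
    { "aes-128-ccm",       0xC0AC, kat_ok,   false },  /* absent from table */
    { "aes-128-gcm",       0xC02B, kat_fail, false },  /* listed, test fails */
};

int main(void) { return probe_algos(sample_algos, 3, sample_impl, 3) == 1 ? 0 : 1; }
```

The table holds TLS suite numbers, so a hit only says that some suite using the algorithm is implemented; the self-test hook is what gates actual use.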