I think that in general this suggestion is a good idea. However, the OpenSSL cipher name parser is complicated; it uses a large flex parser if I recall correctly. Integrating this will take quite an effort. Patches welcome...
I think that both the openssl and the gnutls cipher name constructs are unnecessarily complex: there are maybe max 100 registered TLS ciphersuites. A tiny portion of those are useful in normal situations. I think it would be simpler if the administrator simply specified exactly which TLS ciphersuite he wants, instead of trying to describe what ciphersuites he wants using some complicated naming scheme.

Implementing my idea will be considerably simpler, and while it doesn't yield perfect compatibility with openssl in this area, it should be simple to run some openssl command to find out which TLS ciphersuites a particular "TLSCipherSuite" string corresponds to, and then specify those ciphersuites directly.

Does anyone know if openssl supports specifying the cipher suite directly in "TLSCipherSuite"? If so, I think we should use the same way, so that at least those strings become compatible. Then there is a least-common-denominator between gnutls and openssl wrt ciphersuite name strings.

/Simon
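The expansion step described in the message above (turning an OpenSSL-style cipher string into the explicit suites it selects), as an added example that is not part of the original message. It uses Python's OpenSSL-backed `ssl` module instead of the `openssl` command line; the function name `expand_cipher_string` is hypothetical, and the result depends on the OpenSSL build Python is linked against.

```python
import ssl


def expand_cipher_string(cipher_string):
    """Return [(iana_codepoint, openssl_name), ...] for the TLS <= 1.2
    suites that an OpenSSL cipher string selects on this build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejects a string that selects no suite at all.
        return []
    suites = []
    for cipher in ctx.get_ciphers():
        # TLS 1.3 suites are not controlled by this string, so they would
        # appear for every input; leave them out of the expansion.
        if cipher["protocol"] == "TLSv1.3":
            continue
        # OpenSSL's id is 0x0300XXXX; the low 16 bits are the two-byte
        # ciphersuite value registered with IANA.
        suites.append((cipher["id"] & 0xFFFF, cipher["name"]))
    return suites


if __name__ == "__main__":
    # Constructed sample inputs: one group expression, one exact suite name.
    for spec in ("ECDHE+AESGCM", "ECDHE-RSA-AES128-GCM-SHA256"):
        print(spec)
        for codepoint, name in expand_cipher_string(spec):
            print("  0x%04X  %s" % (codepoint, name))
```

The explicit names printed for a group expression are themselves valid cipher strings, so the list can be pasted back, colon-separated, as an exact configuration.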