Fix session description info printingtmp-fix-cs-description

This fixes a truncation issue in session description information printing for certain ciphersuites, and adds a limited testing of expected description strings for certain ciphersuites. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-11-27 13:47:46 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-11-27 13:47:49 +0100
commit: e9d6c60a60a492e7fd99447b0d3cfc209ee0a1a4 (patch)
tree: e4c6ba8e0dfea4c6aa3dcd03689045629453f240
parent: f7143c4eb99ddbd5bf1b972244f24a0ff7ce22e3 (diff)
download: gnutls-tmp-fix-cs-description.tar.gz
4 files changed, 95 insertions, 41 deletions
diff --git a/lib/session.c b/lib/session.c
index 5d862198b5..a7ac943153 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -317,7 +317,7 @@ void gnutls_session_force_valid(gnutls_session_t session)
 	session->internals.invalid_connection = 0;
 }
 
-#define DESC_SIZE 64
+#define DESC_SIZE 96
 
 /**
  * gnutls_session_get_desc:
diff --git a/tests/cipher-neg-common.c b/tests/cipher-neg-common.c
index a855147359..bfbda8b05b 100644
--- a/tests/cipher-neg-common.c
+++ b/tests/cipher-neg-common.c
@@ -26,6 +26,7 @@ typedef struct test_case_st {
 	int group;
 	const char *client_prio;
 	const char *server_prio;
+	const char *desc;
 	unsigned not_on_fips;
 } test_case_st;
 
@@ -73,6 +74,19 @@ static void try(test_case_st *test)
 	sret = gnutls_cipher_get(client);
 	cret = gnutls_cipher_get(server);
 
+	if (test->desc) {
+		char *desc1 = gnutls_session_get_desc(server);
+		char *desc2 = gnutls_session_get_desc(client);
+
+		if (strcmp(desc1, desc2) != 0)
+			fail("server and client session description don't match (%s, %s)\n", desc1, desc2);
+
+		if (strcmp(desc1, test->desc) != 0)
+			fail("session and expected session description don't match (%s, %s)\n", desc1, test->desc);
+		gnutls_free(desc1);
+		gnutls_free(desc2);
+	}
+
 	if (sret != cret) {
 		fail("%s: client negotiated different cipher than server (%s, %s)!\n",
 			test->name, gnutls_cipher_get_name(cret),
diff --git a/tests/tls12-cipher-neg.c b/tests/tls12-cipher-neg.c
index 3e2352d677..1986604251 100644
--- a/tests/tls12-cipher-neg.c
+++ b/tests/tls12-cipher-neg.c
@@ -43,166 +43,192 @@ test_case_st tests[] = {
 		.not_on_fips = 1,
 		.cipher = GNUTLS_CIPHER_NULL,
 		.server_prio = "NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+NULL"
+		.client_prio = "NORMAL:+NULL",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
 	},
 	{
 		.name = "client TLS 1.2: NULL (client)",
 		.not_on_fips = 1,
 		.cipher = GNUTLS_CIPHER_NULL,
 		.server_prio = "NORMAL:+NULL",
-		.client_prio = "NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
 	},
 	{
 		.name = "server TLS 1.2: AES-128-GCM (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.server_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+AES-128-GCM"
+		.client_prio = "NORMAL:+AES-128-GCM",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)"
 	},
 	{
 		.name = "both TLS 1.2: AES-128-GCM (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.server_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+AES-128-GCM:+VERS-TLS1.2"
+		.client_prio = "NORMAL:+AES-128-GCM:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)"
 	},
 	{
 		.name = "client TLS 1.2: AES-128-GCM (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.server_prio = "NORMAL:+AES-128-GCM",
-		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)"
 	},
 	{
 		.name = "both TLS 1.2: AES-128-GCM (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.server_prio = "NORMAL:+AES-128-GCM:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-GCM)"
 	},
 	{
 		.name = "server TLS 1.2: AES-128-CCM (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+AES-128-CCM"
+		.client_prio = "NORMAL:+AES-128-CCM",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)"
 	},
 	{
 		.name = "both TLS 1.2: AES-128-CCM (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+AES-128-CCM:+VERS-TLS1.2"
+		.client_prio = "NORMAL:+AES-128-CCM:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)"
 	},
 	{
 		.name = "client TLS 1.2: AES-128-CCM (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.server_prio = "NORMAL:+AES-128-CCM",
-		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)"
 	},
 	{
 		.name = "both TLS 1.2: AES-128-CCM (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.server_prio = "NORMAL:+AES-128-CCM:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CCM)"
 	},
 	{
 		.name = "server TLS 1.2: CHACHA20-POLY (server)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+CHACHA20-POLY1305"
+		.client_prio = "NORMAL:+CHACHA20-POLY1305",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)"
 	},
 	{
 		.name = "both TLS 1.2: CHACHA20-POLY (server)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+CHACHA20-POLY1305:+VERS-TLS1.2"
+		.client_prio = "NORMAL:+CHACHA20-POLY1305:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)"
 	},
 	{
 		.name = "client TLS 1.2: CHACHA20-POLY (client)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:+CHACHA20-POLY1305",
-		.client_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)"
 	},
 	{
 		.name = "both TLS 1.2: CHACHA20-POLY (client)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:+CHACHA20-POLY1305:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(CHACHA20-POLY1305)"
 	},
 	{
 		.name = "server TLS 1.2: AES-128-CBC (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_CBC,
 		.server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+AES-128-CBC"
+		.client_prio = "NORMAL:+AES-128-CBC",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)"
 	},
 	{
 		.name = "both TLS 1.2: AES-128-CBC (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_CBC,
 		.server_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.2"
+		.client_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)"
 	},
 	{
 		.name = "client TLS 1.2: AES-128-CBC (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_CBC,
 		.server_prio = "NORMAL:+AES-128-CBC",
-		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)"
 	},
 	{
 		.name = "both TLS 1.2: AES-128-CBC (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_CBC,
 		.server_prio = "NORMAL:+AES-128-CBC:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+AES-128-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(AES-128-CBC)-(SHA1)"
 	},
 	{
 		.name = "server TLS 1.2: 3DES-CBC (server)",
 		.cipher = GNUTLS_CIPHER_3DES_CBC,
 		.server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+3DES-CBC"
+		.client_prio = "NORMAL:+3DES-CBC",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)"
 	},
 	{
 		.name = "both TLS 1.2: 3DES-CBC (server)",
 		.cipher = GNUTLS_CIPHER_3DES_CBC,
 		.server_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.2"
+		.client_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)"
 	},
 	{
 		.name = "client TLS 1.2: 3DES-CBC (client)",
 		.cipher = GNUTLS_CIPHER_3DES_CBC,
 		.server_prio = "NORMAL:+3DES-CBC",
-		.client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)"
 	},
 	{
 		.name = "both TLS 1.2: 3DES-CBC (client)",
 		.cipher = GNUTLS_CIPHER_3DES_CBC,
 		.server_prio = "NORMAL:+3DES-CBC:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+3DES-CBC:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(3DES-CBC)-(SHA1)"
 	},
 	{
 		.name = "server TLS 1.2: ARCFOUR-128 (server)",
 		.cipher = GNUTLS_CIPHER_ARCFOUR_128,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+ARCFOUR-128"
+		.client_prio = "NORMAL:+ARCFOUR-128",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)"
 	},
 	{
 		.name = "both TLS 1.2: ARCFOUR-128 (server)",
 		.cipher = GNUTLS_CIPHER_ARCFOUR_128,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2:%SERVER_PRECEDENCE",
-		.client_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.2"
+		.client_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)"
 	},
 	{
 		.name = "client TLS 1.2: ARCFOUR-128 (client)",
 		.cipher = GNUTLS_CIPHER_ARCFOUR_128,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:+ARCFOUR-128",
-		.client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)"
 	},
 	{
 		.name = "both TLS 1.2: ARCFOUR-128 (client)",
 		.cipher = GNUTLS_CIPHER_ARCFOUR_128,
 		.not_on_fips = 1,
 		.server_prio = "NORMAL:+ARCFOUR-128:+VERS-TLS1.2",
-		.client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2"
+		.client_prio = "NORMAL:-CIPHER-ALL:+ARCFOUR-128:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.2",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(ARCFOUR-128)-(SHA1)"
 	}
 };
 
diff --git a/tests/tls13-cipher-neg.c b/tests/tls13-cipher-neg.c
index df8d8de035..ac173bc54f 100644
--- a/tests/tls13-cipher-neg.c
+++ b/tests/tls13-cipher-neg.c
@@ -49,98 +49,112 @@ test_case_st tests[] = {
 		.not_on_fips = 1,
 		.cipher = GNUTLS_CIPHER_NULL,
 		.server_prio = SPRIO":+VERS-TLS1.2:-CIPHER-ALL:+NULL:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
-		.client_prio = CPRIO":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1"
+		.client_prio = CPRIO":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
 	},
 	{
 		.name = "client TLS 1.3: NULL (client)",
 		.not_on_fips = 1,
 		.cipher = GNUTLS_CIPHER_NULL,
 		.server_prio = SPRIO":+VERS-TLS1.2:+NULL:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
-		.client_prio = CPRIO":-CIPHER-ALL:+NULL:+CIPHER-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL"
+		.client_prio = CPRIO":-CIPHER-ALL:+NULL:+CIPHER-ALL:+VERS-TLS1.2:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
+		.desc = "(TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA256)-(NULL)-(SHA1)",
 	},
 	{
 		.name = "server TLS 1.3: AES-128-GCM with SECP256R1 (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.group = GNUTLS_GROUP_SECP256R1,
 		.server_prio = SPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
-		.client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1"
+		.client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
+		.desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
 	},
 	{
 		.name = "both TLS 1.3: AES-128-GCM with X25519 (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.group = GNUTLS_GROUP_X25519,
 		.server_prio = SPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL",
-		.client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL"
+		.client_prio = CPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL",
+		.desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
 	},
 	{
 		.name = "client TLS 1.3: AES-128-GCM with SECP256R1 (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.group = GNUTLS_GROUP_SECP256R1,
 		.server_prio = SPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1",
-		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL"
+		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-ALL",
+		.desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
 	},
 	{
 		.name = "both TLS 1.3: AES-128-GCM with X25519 (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_GCM,
 		.group = GNUTLS_GROUP_X25519,
 		.server_prio = SPRIO":+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-SECP256R1:+GROUP-ALL",
-		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL"
+		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-GCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519:+GROUP-ALL",
+		.desc = "(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)",
 	},
 	{
 		.name = "server TLS 1.3: AES-128-CCM and FFDHE2048 (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.group = GNUTLS_GROUP_FFDHE2048,
 		.server_prio = SPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
-		.client_prio = CPRIO":+AES-128-CCM"
+		.client_prio = CPRIO":+AES-128-CCM",
+		.desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
 	},
 	{
 		.name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (server)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.group = GNUTLS_GROUP_FFDHE2048,
 		.server_prio = SPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:%SERVER_PRECEDENCE:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
-		.client_prio = CPRIO":+AES-128-CCM:+VERS-TLS1.3"
+		.client_prio = CPRIO":+AES-128-CCM:+VERS-TLS1.3",
+		.desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
 	},
 	{
 		.name = "client TLS 1.3: AES-128-CCM and FFDHE 2048 (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.group = GNUTLS_GROUP_FFDHE2048,
 		.server_prio = SPRIO":+AES-128-CCM",
-		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL"
+		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
+		.desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
 	},
 	{
 		.name = "both TLS 1.3: AES-128-CCM and FFDHE 2048 (client)",
 		.cipher = GNUTLS_CIPHER_AES_128_CCM,
 		.group = GNUTLS_GROUP_FFDHE2048,
 		.server_prio = SPRIO":+AES-128-CCM:+VERS-TLS1.3",
-		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL"
+		.client_prio = CPRIO":-CIPHER-ALL:+AES-128-CCM:+CIPHER-ALL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-ALL",
+		.desc = "(TLS1.3)-(DHE-FFDHE2048)-(RSA-PSS-RSAE-SHA256)-(AES-128-CCM)",
 	},
 	{
 		.name = "server TLS 1.3: CHACHA20-POLY (server)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = SPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE",
-		.client_prio = CPRIO":+CHACHA20-POLY1305"
+		.client_prio = CPRIO":+CHACHA20-POLY1305",
+		.desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
 	},
 	{
 		.name = "both TLS 1.3: CHACHA20-POLY (server)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = SPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL:%SERVER_PRECEDENCE",
-		.client_prio = CPRIO":+CHACHA20-POLY1305:+VERS-TLS1.3"
+		.client_prio = CPRIO":+CHACHA20-POLY1305:+VERS-TLS1.3",
+		.desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
 	},
 	{
 		.name = "client TLS 1.3: CHACHA20-POLY (client)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = SPRIO":+CHACHA20-POLY1305",
-		.client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL"
+		.client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL",
+		.desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
 	},
 	{
 		.name = "both TLS 1.3: CHACHA20-POLY (client)",
 		.cipher = GNUTLS_CIPHER_CHACHA20_POLY1305,
 		.not_on_fips = 1,
 		.server_prio = SPRIO":+CHACHA20-POLY1305",
-		.client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL"
+		.client_prio = CPRIO":-CIPHER-ALL:+CHACHA20-POLY1305:+CIPHER-ALL",
+		.desc = "(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(CHACHA20-POLY1305)",
 	}
 };
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-11-27 13:47:46 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-11-27 13:47:49 +0100
commit	e9d6c60a60a492e7fd99447b0d3cfc209ee0a1a4 (patch)
tree	e4c6ba8e0dfea4c6aa3dcd03689045629453f240
parent	f7143c4eb99ddbd5bf1b972244f24a0ff7ce22e3 (diff)
download	gnutls-tmp-fix-cs-description.tar.gz