Comments on: OpenSSL vs. GnuTLS cipher names

By: waldner

waldner — Tue, 06 Jun 2017 14:18:25 +0000

In reply to waldner. I've taken the liberty of making some minor changes to the script. Here it is.

#!/bin/bash
  
OPENSSL_CIPHERS_DEFAULT="ALL:-ADH:-RC4+RSA:+HIGH:-MEDIUM:-LOW:-SSLv2:-EXP"
OPENSSL_CIPHERS=${1:-"$OPENSSL_CIPHERS_DEFAULT"}

HEX_IDS=$(openssl ciphers -V "$OPENSSL_CIPHERS" | awk '{ print tolower($1)}')

GNUTLS_CIPHERS=""
while IFS= read -r ID; do
  ID=${ID/,/, }
  GNUTLS=$(gnutls-cli --list | awk -v id="$ID" '($2 " "$3) == id {print $1}')
  if test "${GNUTLS}" = ""; then
    echo "Unsupported: $ID"
  else
    GNUTLS_CIPHERS="${GNUTLS_CIPHERS}${SEP}${GNUTLS}"
    SEP=":"
  fi
done <<< "$HEX_IDS"

echo "OpenSSL-Ciphers: ${OPENSSL_CIPHERS}"
echo "GnuTLS-Ciphers: ${GNUTLS_CIPHERS}"

By: waldner

waldner — Tue, 06 Jun 2017 14:01:47 +0000

In reply to Jens. Hey, this is really nice and helpful! Thanks!

By: Jens

Jens — Tue, 06 Jun 2017 10:17:44 +0000

Hey, I made a small script depending on openssl and gnutls-cli for automatic conversion from openssl to gnutls: --- #!/bin/bash OPENSSL_CIPHERS_DEFAULT="ALL:-ADH:-RC4+RSA:+HIGH:-MEDIUM:-LOW:-SSLv2:-EXP" OPENSSL_CIPHERS=${1:-OPENSSL_CIPHERS_DEFAULT} HEX_IDS=$(openssl ciphers -V 'ALL:-ADH:-RC4+RSA:+HIGH:-MEDIUM:-LOW:-SSLv2:-EXP' | awk '{print $1;}' | tr '[:upper:]' '[:lower:]') GNUTLS_CIPHERS="" for ID in ${HEX_IDS}; do ID=$(echo $ID | sed 's/,/, /g') GNUTLS=$(gnutls-cli --list | grep "$ID" | awk '{print $1;}') if test "${GNUTLS}" = ""; then echo "Unsupported: $ID" else GNUTLS_CIPHERS="${GNUTLS_CIPHERS}:${GNUTLS}" fi done echo "OpenSSL-Ciphers: ${OPENSSL_CIPHERS}" echo "GnuTLS-Ciphers: ${GNUTLS_CIPHERS}" ---