Add 2 byte cipherID to JSON?

[mpd-dude]

While the json/server-side-tls-conf.json file is excellent for automated processing, it would be even more helpful to include the 2 byte cipherID for each ciphersuite.

Background: since there exist many different string representations (OpenSSL, IANA, ...) for the same ciphersuite, using the 2 byte cipherID would be the safest way for a match.

Would it be possible to add the cipherID in addition to the existing string representation in the JSON file? Thanks for considering.

[jvehent]

Yes, I think that would be a good idea. We'd need to do that in a backward compatible way, but we will have to rework the JSON format for TLS1.3 anyway, given the changes to the way ciphersuites are handled.

[april]

Just FYI, version 5.1 of the JSON guidelines will now include the IANA cipher string. I probably won't add support GnuTLS until some software comes along that requires it.

https://ssl-config.mozilla.org/server-side-tls/5.1.json

[gstrauss]

The official IANA registry is https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

Given that server-side-tls guidelines include the official IANA name, you could obtain the two bytes from the IANA table.
The two bytes are also listed on https://wiki.mozilla.org/Security/Server_Side_TLS but that would require parsing HTML.

While, yes, it would be convenient if the guideline .json included that information, I think it would be better to obtain that mapping from the source (IANA) or from a purpose-specific table, e.g. https://github.com/april/tls-table (though I have a pending PR in mozilla/tls-table#10 with some fixes)

==> Is this feature request (from 2017!!!) still something we should consider for inclusion in in the guidelines or can this issue be closed?

[gstrauss]

Might revisit after #292 is resolved.

[gstrauss]

@gene1wood would you please grant me access to https://github.com/mozilla/tls-table/ ?

[gene1wood]

@gstrauss You should already have access. You're listed in permissions as having write access. Can you check to see if you have write access to the repo?

[gstrauss]

@gene1wood thank you for checking. Yes, I do have access. Sorry for the noise.

[gstrauss]

Apps currently supported in https://ssl-config.mozilla.org use the cipher string names for configuration, not the cipherID magic numbers.

Since this feature request was filed in 2017, there has not been much +1 or thumbs up from others requesting this feature. Should that change, we'll revisit this request.

In the meantime, https://github.com/mozilla/tls-table is a maintained python script which scrapes some websites and creates a table of the different names and associated two-byte IANA-assigned cypherID. Maybe you can integrate with that?