authorArne Schwabe2018-10-10 17:36:24 +0200
committerGert Doering2018-10-11 20:34:45 +0200
commit7aeabadd69fca0071152c42d58fee0b565f01eb3 (patch)
tree3b9998b14c3d1b2f79aec5affbfa9ef94a938a58 /src/openvpn/ssl_backend.h
parented31cf2ab718d879615dea81e6a17d26537ab43a (diff)
Add better support for showing TLS 1.3 ciphersuites in --show-tls
--show-tls shows mixed TLS 1.3 and TLS 1.2 ciphers. The listed ciphers are only valid in either --tls-cipher or --tls-ciphersuites, but it's not clear which is which. This is confusing and not really helpful. This patch modifies show-tls to show separate lists for TLS 1.2 and TLS 1.3. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <20181010153624.27957-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17723.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl_backend.h')
-rw-r--r--src/openvpn/ssl_backend.h12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h
index 2ae3bcd..1c244ec 100644
--- a/src/openvpn/ssl_backend.h
+++ b/src/openvpn/ssl_backend.h
@@ -517,15 +517,19 @@ int key_state_read_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf,
void print_details(struct key_state_ssl *ks_ssl, const char *prefix);
/*
- * Show the TLS ciphers that are available for us to use in the OpenSSL
- * library.
+ * Show the TLS ciphers that are available for us to use in the
+ * library depending on the TLS version. This function prints
+ * a list of ciphers without headers/footers.
*
* @param cipher_list list of allowed TLS cipher, or NULL.
* @param tls_cert_profile TLS certificate crypto profile name.
+ * @param tls13 Select if <=TLS1.2 or TLS1.3+ ciphers
+ * should be shown
*/
void
-show_available_tls_ciphers(const char *cipher_list,
- const char *tls_cert_profile);
+show_available_tls_ciphers_list(const char *cipher_list,
+ const char *tls_cert_profile,
+ bool tls13);
/*
* Show the available elliptic curves in the crypto library
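Review bot: The new `@param tls13` text ("Select if <=TLS1.2 or TLS1.3+ ciphers should be shown") does not say which boolean value selects which list, and the `cipher_list` line still reads as one format although the commit message says the two lists belong to different options. Operators use the --show-tls output to decide what to put in --tls-cipher and --tls-ciphersuites, so a caller that pairs the wrong string with the flag could print a list that does not match what will be negotiated. I would spell the contract out, for example `@param tls13 true: show TLS 1.3 ciphersuites, cipher_list is in --tls-ciphersuites syntax; false: show TLS 1.2 and older ciphers, cipher_list is in --tls-cipher syntax`. That pairing is inferred from the commit description, since the implementation is not in this file, so please confirm it against the backends.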