gnutls_ciphersuite_get: new function to get unique ciphersuite name

The existing method to obtain the name of the currently negotiated TLS
ciphersuite is as follows:

- call gnutls_cipher_get, gnutls_mac_get, gnutls_kx_get
- call gnutls_cipher_suite_get_name with the value from the above functions

This process is cumbersome and only works with TLS 1.2 or earlier;
moreover the returned names are GnuTLS specific.

This change adds a new function gnutls_ciphersuite_get to eliminate
those limitations.  It returns the "canonical" name of the
ciphersuite, which is mostly identical to the ones registered in IANA,
with an exception for compatibility.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/.gitignore b/.gitignore
index 2465946e7268bdf213adfada09c694d6c8787c2b..e6f08947cafefec6f8a86a4fd78db442358ae5fe 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -357,6 +357,7 @@ tests/chainverify
 tests/chainverify-unsorted
 tests/cipher-alignment
 tests/cipher-test
+tests/ciphersuite-name
 tests/client
 tests/client-fastopen
 tests/client-sign-md5-rep

diff --git a/devel/gen-ciphersuite-names.py b/devel/gen-ciphersuite-names.py
new file mode 100644 (file)
index 0000000..2f7de71
--- /dev/null
+++ b/devel/gen-ciphersuite-names.py
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+
+# This script outputs the mapping from GnuTLS ciphersuite names to
+# IANA ciphersuite names.  It can be invoked as:
+#
+#   $ wget https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
+#   $ python devel/gen-ciphersuite-names.py \
+#       lib/algorithms/ciphersuites.c tls-parameters-4.csv
+
+from typing import Mapping, TextIO, Tuple
+import csv
+import re
+
+
+def read_c(io: TextIO) -> Mapping[Tuple[int, int], str]:
+    result = dict()
+    for line in io:
+        m = re.match((r'#define\s+(GNUTLS_\S*)\s+\{\s*'
+                      r'0x([0-9a-fA-F]{2})\s*,\s*'
+                      r'0x([0-9a-fA-F]{2})\s*\}'),
+                     line)
+        if m:
+            result[(int(m.group(2), 16),
+                    int(m.group(3), 16))] = m.group(1)
+    return result
+
+
+def read_csv(io: TextIO) -> Mapping[Tuple[int, int], str]:
+    result = dict()
+    for row in csv.reader(io):
+        m = re.match((r'\s*0x([0-9a-fA-F]{2})\s*,'
+                      r'\s*0x([0-9a-fA-F]{2})'
+                      r'(?:-([0-9a-fA-F]{2}))?\s*'), row[0])
+        if m:
+            first = int(m.group(1), 16)
+            second = list()
+            second.append(int(m.group(2), 16))
+            if m.lastindex == 3:
+                second = list(range(second[-1], int(m.group(3), 16)+1))
+            for c in second:
+                result[(first, c)] = re.sub(r'\s+', ' ', row[1])
+    return result
+
+
+UNASSIGNED = {
+    (0x00, 0x66): 'TLS_DHE_DSS_RC4_128_SHA'
+}
+
+
+if __name__ == '__main__':
+    import argparse
+
+    parser = argparse.ArgumentParser()
+    parser.add_argument('c', type=argparse.FileType('r'))
+    parser.add_argument('csv', type=argparse.FileType('r'))
+
+    args = parser.parse_args()
+
+    g = read_c(args.c)
+    i = read_csv(args.csv)
+
+    for (k, v) in g.items():
+        if i[k].startswith('TLS_'):
+            canonical_name = i[k]
+        else:
+            canonical_name = UNASSIGNED[k]
+        print(f'{v}\t{canonical_name}')

diff --git a/devel/libgnutls.abignore b/devel/libgnutls.abignore
index c19dce38e11a1c763a5d7bb7a17888e269dc61bf..15e6827f05bb3244114eb510858d870db72a4da8 100644 (file)
--- a/devel/libgnutls.abignore
+++ b/devel/libgnutls.abignore
@@ -70,3 +70,5 @@ name = drbg_aes_reseed
 
 # The following should be removed in the new release, after updating the
 # abi-dump repository:
+[suppress_function]
+name = gnutls_ciphersuite_get

diff --git a/devel/symbols.last b/devel/symbols.last
index 7535696f832c679775737d35ae29efafc5eb9aef..84018a07e8b1cc0ffca1b292b4e2d80a3e84efe1 100644 (file)
--- a/devel/symbols.last
+++ b/devel/symbols.last
@@ -14,6 +14,7 @@ GNUTLS_3_6_9@GNUTLS_3_6_9
 GNUTLS_3_7_0@GNUTLS_3_7_0
 GNUTLS_3_7_2@GNUTLS_3_7_2
 GNUTLS_3_7_3@GNUTLS_3_7_3
+GNUTLS_3_7_4@GNUTLS_3_7_4
 _gnutls_global_init_skip@GNUTLS_3_4
 gnutls_aead_cipher_decrypt@GNUTLS_3_4
 gnutls_aead_cipher_decryptv2@GNUTLS_3_6_10
@@ -148,6 +149,7 @@ gnutls_cipher_set_iv@GNUTLS_3_4
 gnutls_cipher_suite_get_name@GNUTLS_3_4
 gnutls_cipher_suite_info@GNUTLS_3_4
 gnutls_cipher_tag@GNUTLS_3_4
+gnutls_ciphersuite_get@GNUTLS_3_7_4
 gnutls_compression_get@GNUTLS_3_4
 gnutls_compression_get_id@GNUTLS_3_4
 gnutls_compression_get_name@GNUTLS_3_4

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 9d54110ac9359ed96303b3661e580ceafadf5cf1..51b0256ec7b8c6ad0c79a75360d0f7d2c3945c81 100644 (file)
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -888,6 +888,8 @@ FUNCS += functions/gnutls_cipher_list
 FUNCS += functions/gnutls_cipher_list.short
 FUNCS += functions/gnutls_cipher_set_iv
 FUNCS += functions/gnutls_cipher_set_iv.short
+FUNCS += functions/gnutls_ciphersuite_get
+FUNCS += functions/gnutls_ciphersuite_get.short
 FUNCS += functions/gnutls_cipher_suite_get_name
 FUNCS += functions/gnutls_cipher_suite_get_name.short
 FUNCS += functions/gnutls_cipher_suite_info

diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 2037bf91a97dc03ec94ffcb610c376832e162109..a964259790159dedb3250b443df518ee55cf7e06 100644 (file)
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -284,6 +284,7 @@ APIMANS += gnutls_cipher_get_tag_size.3
 APIMANS += gnutls_cipher_init.3
 APIMANS += gnutls_cipher_list.3
 APIMANS += gnutls_cipher_set_iv.3
+APIMANS += gnutls_ciphersuite_get.3
 APIMANS += gnutls_cipher_suite_get_name.3
 APIMANS += gnutls_cipher_suite_info.3
 APIMANS += gnutls_cipher_tag.3

diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 9408397610172b639a5929b95c4188a3d746c13d..c7ce24505634612305ce89fb06f251de3cb422d0 100644 (file)
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -37,12 +37,12 @@
 #endif
 
 /* Cipher SUITES */
-#define ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version ) \
-       { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA256}
-#define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \
-       { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, prf}
-#define ENTRY_TLS13( name, block_algorithm, min_version, prf ) \
-       { #name, name, block_algorithm, 0, GNUTLS_MAC_AEAD, min_version, GNUTLS_TLS1_3, GNUTLS_VERSION_UNKNOWN, GNUTLS_VERSION_UNKNOWN, prf}
+#define ENTRY( name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version ) \
+       { #name, name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA256}
+#define ENTRY_PRF( name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \
+       { #name, name, canonical_name, block_algorithm, kx_algorithm, mac_algorithm, min_version, GNUTLS_TLS1_2, dtls_version, GNUTLS_DTLS1_2, prf}
+#define ENTRY_TLS13( name, canonical_name, block_algorithm, min_version, prf ) \
+       { #name, name, canonical_name, block_algorithm, 0, GNUTLS_MAC_AEAD, min_version, GNUTLS_TLS1_3, GNUTLS_VERSION_UNKNOWN, GNUTLS_VERSION_UNKNOWN, prf}
 
 /* TLS 1.3 ciphersuites */
 #define GNUTLS_AES_128_GCM_SHA256 { 0x13, 0x01 }
@@ -346,128 +346,128 @@
  */
 static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
 /* TLS 1.3 */
-       ENTRY_TLS13(GNUTLS_AES_128_GCM_SHA256,
+       ENTRY_TLS13(GNUTLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256",
                    GNUTLS_CIPHER_AES_128_GCM,
                    GNUTLS_TLS1_3,
                    GNUTLS_MAC_SHA256),
 
-       ENTRY_TLS13(GNUTLS_AES_256_GCM_SHA384,
+       ENTRY_TLS13(GNUTLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384",
                    GNUTLS_CIPHER_AES_256_GCM,
                    GNUTLS_TLS1_3,
                    GNUTLS_MAC_SHA384),
 
-       ENTRY_TLS13(GNUTLS_CHACHA20_POLY1305_SHA256,
+       ENTRY_TLS13(GNUTLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256",
                    GNUTLS_CIPHER_CHACHA20_POLY1305,
                    GNUTLS_TLS1_3,
                    GNUTLS_MAC_SHA256),
 
-       ENTRY_TLS13(GNUTLS_AES_128_CCM_SHA256,
+       ENTRY_TLS13(GNUTLS_AES_128_CCM_SHA256, "TLS_AES_128_CCM_SHA256",
                    GNUTLS_CIPHER_AES_128_CCM,
                    GNUTLS_TLS1_3,
                    GNUTLS_MAC_SHA256),
 
-       ENTRY_TLS13(GNUTLS_AES_128_CCM_8_SHA256,
+       ENTRY_TLS13(GNUTLS_AES_128_CCM_8_SHA256, "TLS_AES_128_CCM_8_SHA256",
                    GNUTLS_CIPHER_AES_128_CCM_8,
                    GNUTLS_TLS1_3,
                    GNUTLS_MAC_SHA256),
 
        /* RSA-NULL */
-       ENTRY(GNUTLS_RSA_NULL_MD5,
+       ENTRY(GNUTLS_RSA_NULL_MD5, "TLS_RSA_WITH_NULL_MD5",
              GNUTLS_CIPHER_NULL,
              GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_NULL_SHA1,
+       ENTRY(GNUTLS_RSA_NULL_SHA1, "TLS_RSA_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL,
              GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_NULL_SHA256,
+       ENTRY(GNUTLS_RSA_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256",
              GNUTLS_CIPHER_NULL,
              GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 
        /* RSA */
-       ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1, "TLS_RSA_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR_128,
              GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5,
+       ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5, "TLS_RSA_WITH_RC4_128_MD5",
              GNUTLS_CIPHER_ARCFOUR_128,
              GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1, "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC,
              GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1, "TLS_RSA_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1, "TLS_RSA_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 
-       ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
+       ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
+       ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 
 
 /* GCM */
-       ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
 /* CCM */
-       ENTRY(GNUTLS_RSA_AES_128_CCM,
+       ENTRY(GNUTLS_RSA_AES_128_CCM, "TLS_RSA_WITH_AES_128_CCM",
              GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_RSA_AES_256_CCM,
+       ENTRY(GNUTLS_RSA_AES_256_CCM, "TLS_RSA_WITH_AES_256_CCM",
              GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 
 
 /* CCM_8 */
-       ENTRY(GNUTLS_RSA_AES_128_CCM_8,
+       ENTRY(GNUTLS_RSA_AES_128_CCM_8, "TLS_RSA_WITH_AES_128_CCM_8",
              GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_RSA_AES_256_CCM_8,
+       ENTRY(GNUTLS_RSA_AES_256_CCM_8, "TLS_RSA_WITH_AES_256_CCM_8",
              GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
@@ -475,146 +475,146 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
 
        /* DHE_DSS */
 #ifdef ENABLE_DHE
-       ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1, "TLS_DHE_DSS_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 
-       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 /* GCM */
-       ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* DHE_RSA */
-       ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 /* GCM */
-       ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
-       ENTRY(GNUTLS_DHE_RSA_CHACHA20_POLY1305,
+       ENTRY(GNUTLS_DHE_RSA_CHACHA20_POLY1305, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
              GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
 
 /* CCM */
-       ENTRY(GNUTLS_DHE_RSA_AES_128_CCM,
+       ENTRY(GNUTLS_DHE_RSA_AES_128_CCM, "TLS_DHE_RSA_WITH_AES_128_CCM",
              GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_RSA_AES_256_CCM,
+       ENTRY(GNUTLS_DHE_RSA_AES_256_CCM, "TLS_DHE_RSA_WITH_AES_256_CCM",
              GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_8,
+       ENTRY(GNUTLS_DHE_RSA_AES_128_CCM_8, "TLS_DHE_RSA_WITH_AES_128_CCM_8",
              GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_8,
+       ENTRY(GNUTLS_DHE_RSA_AES_256_CCM_8, "TLS_DHE_RSA_WITH_AES_256_CCM_8",
              GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
@@ -622,564 +622,564 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
 #endif                         /* DHE */
 #ifdef ENABLE_ECDHE
 /* ECC-RSA */
-       ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1,
+       ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1, "TLS_ECDHE_RSA_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* ECDHE-ECDSA */
-       ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1,
+       ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1, "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* More ECC */
 
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
-       ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
-       ENTRY(GNUTLS_ECDHE_RSA_CHACHA20_POLY1305,
+       ENTRY(GNUTLS_ECDHE_RSA_CHACHA20_POLY1305, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
              GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 
-       ENTRY(GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305,
+       ENTRY(GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
              GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
              GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
              GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_8,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CCM_8, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
              GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_8,
+       ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CCM_8, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
              GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
 #endif
 #ifdef ENABLE_PSK
        /* ECC - PSK */
-       ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA1,
+       ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA1, "TLS_ECDHE_PSK_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256,
+       ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, "TLS_ECDHE_PSK_WITH_NULL_SHA256",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, "TLS_ECDHE_PSK_WITH_NULL_SHA384",
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* PSK */
-       ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1, "TLS_PSK_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1, "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1, "TLS_PSK_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1, "TLS_PSK_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256, "TLS_PSK_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384, "TLS_PSK_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
 
-       ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256, "TLS_PSK_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_PSK_NULL_SHA1,
+       ENTRY(GNUTLS_PSK_NULL_SHA1, "TLS_PSK_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_PSK_NULL_SHA256,
+       ENTRY(GNUTLS_PSK_NULL_SHA256, "TLS_PSK_WITH_NULL_SHA256",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
-       ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384, "TLS_PSK_WITH_AES_256_CBC_SHA384",
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
+       ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, "TLS_PSK_WITH_NULL_SHA384",
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* RSA-PSK */
-       ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1, "TLS_RSA_PSK_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
 
-       ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_RSA_PSK_NULL_SHA1,
+       ENTRY(GNUTLS_RSA_PSK_NULL_SHA1, "TLS_RSA_PSK_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
+       ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, "TLS_RSA_PSK_WITH_NULL_SHA256",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
+       ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, "TLS_RSA_PSK_WITH_NULL_SHA384",
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
 
        /* DHE-PSK */
-       ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1, "TLS_DHE_PSK_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_PSK_NULL_SHA1,
+       ENTRY(GNUTLS_DHE_PSK_NULL_SHA1, "TLS_DHE_PSK_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DHE_PSK_NULL_SHA256,
+       ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, "TLS_DHE_PSK_WITH_NULL_SHA256",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, "TLS_DHE_PSK_WITH_NULL_SHA384",
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
-       ENTRY(GNUTLS_PSK_AES_128_CCM,
+       ENTRY(GNUTLS_PSK_AES_128_CCM, "TLS_PSK_WITH_AES_128_CCM",
              GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_PSK_AES_256_CCM,
+       ENTRY(GNUTLS_PSK_AES_256_CCM, "TLS_PSK_WITH_AES_256_CCM",
              GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_PSK_AES_128_CCM,
+       ENTRY(GNUTLS_DHE_PSK_AES_128_CCM, "TLS_DHE_PSK_WITH_AES_128_CCM",
              GNUTLS_CIPHER_AES_128_CCM, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_PSK_AES_256_CCM,
+       ENTRY(GNUTLS_DHE_PSK_AES_256_CCM, "TLS_DHE_PSK_WITH_AES_256_CCM",
              GNUTLS_CIPHER_AES_256_CCM, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_PSK_AES_128_CCM_8,
+       ENTRY(GNUTLS_PSK_AES_128_CCM_8, "TLS_PSK_WITH_AES_128_CCM_8",
              GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_PSK_AES_256_CCM_8,
+       ENTRY(GNUTLS_PSK_AES_256_CCM_8, "TLS_PSK_WITH_AES_256_CCM_8",
              GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_8,
+       ENTRY(GNUTLS_DHE_PSK_AES_128_CCM_8, "TLS_PSK_DHE_WITH_AES_128_CCM_8",
              GNUTLS_CIPHER_AES_128_CCM_8, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_8,
+       ENTRY(GNUTLS_DHE_PSK_AES_256_CCM_8, "TLS_PSK_DHE_WITH_AES_256_CCM_8",
              GNUTLS_CIPHER_AES_256_CCM_8, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DHE_PSK_CHACHA20_POLY1305,
+       ENTRY(GNUTLS_DHE_PSK_CHACHA20_POLY1305, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
              GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_ECDHE_PSK_CHACHA20_POLY1305,
+       ENTRY(GNUTLS_ECDHE_PSK_CHACHA20_POLY1305, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
              GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
 
-       ENTRY(GNUTLS_RSA_PSK_CHACHA20_POLY1305,
+       ENTRY(GNUTLS_RSA_PSK_CHACHA20_POLY1305, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
              GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
 
-       ENTRY(GNUTLS_PSK_CHACHA20_POLY1305,
+       ENTRY(GNUTLS_PSK_CHACHA20_POLY1305, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
              GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_KX_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2),
 
 #endif
 #ifdef ENABLE_ANON
        /* DH_ANON */
-       ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5,
+       ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5, "TLS_DH_anon_WITH_RC4_128_MD5",
              GNUTLS_CIPHER_ARCFOUR_128,
              GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
              GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
-       ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1, "TLS_DH_anon_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1, "TLS_DH_anon_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
+       ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
+       ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
+       ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
+       ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
+       ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256, "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
+       ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256, "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
+       ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256, "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384, "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-       ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
+       ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
              GNUTLS_DTLS1_2),
-       ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
+       ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
                  GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
 /* ECC-ANON */
-       ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1,
+       ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1, "TLS_ECDH_anon_WITH_NULL_SHA",
              GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
+       ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1, "TLS_ECDH_anon_WITH_RC4_128_SHA",
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
 #endif
 #ifdef ENABLE_SRP
        /* SRP */
-       ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
-       ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 
-       ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 
-       ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 
-       ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 
-       ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 
-       ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 
-       ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
+       ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_DTLS_VERSION_MIN),
 #endif
 
 #ifdef ENABLE_GOST
-       ENTRY_PRF(GNUTLS_GOSTR341112_256_28147_CNT_IMIT,
+       ENTRY_PRF(GNUTLS_GOSTR341112_256_28147_CNT_IMIT, "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT",
                  GNUTLS_CIPHER_GOST28147_TC26Z_CNT, GNUTLS_KX_VKO_GOST_12,
                  GNUTLS_MAC_GOST28147_TC26Z_IMIT, GNUTLS_TLS1_2,
                  GNUTLS_VERSION_UNKNOWN, GNUTLS_MAC_STREEBOG_256),

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index a660828a57e95f4dee6cb401d333c3817153f2c5..c8d52475c72fc39a2fd7509252a1797175f8e01c 100644 (file)
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -636,6 +636,7 @@ typedef struct cipher_entry_st {
 typedef struct gnutls_cipher_suite_entry_st {
        const char *name;
        const uint8_t id[2];
+       const char *canonical_name;
        gnutls_cipher_algorithm_t block_algorithm;
        gnutls_kx_algorithm_t kx_algorithm;
        gnutls_mac_algorithm_t mac_algorithm;

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 6359a0edb6ff39eb1e57391eeab2a7357bc291d5..482e9653c81ce3ca50525bb89b08745fc4966fbc 100644 (file)
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1809,6 +1809,9 @@ const char *
                                     gnutls_cipher_algorithm_t cipher_algorithm,
                                     gnutls_mac_algorithm_t mac_algorithm) __GNUTLS_CONST__;
 
+const char *
+gnutls_ciphersuite_get(gnutls_session_t session) __GNUTLS_CONST__;
+
 /* get the currently used protocol version */
 gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session);
 

diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 30e96abafeb45e4629d15ac7b90f7d7b0ed421dc..5a2e8ce947cef0afbfbb7ddf45aae7e45aeb000e 100644 (file)
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1380,6 +1380,14 @@ GNUTLS_3_7_3
        *;
 } GNUTLS_3_7_2;
 
+GNUTLS_3_7_4
+{
+ global:
+       gnutls_ciphersuite_get;
+ local:
+       *;
+} GNUTLS_3_7_3;
+
 GNUTLS_FIPS140_3_4 {
   global:
        gnutls_cipher_self_test;

diff --git a/lib/state.c b/lib/state.c
index 94a15e2d4b7d25bb682fff5d13688cfe0185432b..f7a379fde26e1aef7c4a82082a5449f212531d2e 100644 (file)
--- a/lib/state.c
+++ b/lib/state.c
@@ -323,6 +323,35 @@ gnutls_early_prf_hash_get(const gnutls_session_t session)
                resumed_security_parameters.prf->id;
 }
 
+/**
+ * gnutls_ciphersuite_get:
+ * @session: is a #gnutls_session_t type.
+ *
+ * Get the canonical name of negotiated TLS ciphersuite.  The names
+ * returned by this function match the IANA registry, with one
+ * exception:
+ *
+ *   TLS_DHE_DSS_RC4_128_SHA { 0x00, 0x66 }
+ *
+ * which is reserved for compatibility.
+ *
+ * To get a detailed description of the current ciphersuite, it is
+ * recommended to use gnutls_session_get_desc().
+ *
+ * Returns: a string that contains the canonical name of a TLS ciphersuite,
+ *     or %NULL if the handshake is not completed.
+ *
+ * Since: 3.7.4
+ **/
+const char *
+gnutls_ciphersuite_get(gnutls_session_t session)
+{
+       if (unlikely(session->internals.handshake_in_progress)) {
+               return NULL;
+       }
+       return session->security_parameters.cs->canonical_name;
+}
+
 void reset_binders(gnutls_session_t session)
 {
        _gnutls_free_temp_key_datum(&session->key.binders[0].psk);

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 3f9f4bcd5673637cea81b412fc9a3675673daeb9..529f1cc077ff276aa648e9168b67eaed8cd2e5be 100644 (file)
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -229,7 +229,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
         sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \
         tls13-without-timeout-func buffer status-request-revoked \
         set_x509_ocsp_multi_cli kdf-api keylog-func handshake-write \
-        x509cert-dntypes id-on-xmppAddr tls13-compat-mode
+        x509cert-dntypes id-on-xmppAddr tls13-compat-mode ciphersuite-name
 
 ctests += tls-channel-binding
 

diff --git a/tests/ciphersuite-name.c b/tests/ciphersuite-name.c
new file mode 100644 (file)
index 0000000..b7fd4de
--- /dev/null
+++ b/tests/ciphersuite-name.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2022 Red Hat, Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>
+ */
+
+/* This tests gnutls_cipher_suite_get() and
+ * gnutls_cipher_suite_get_canonical_name()
+ */
+
+#include "config.h"
+
+#include <gnutls/gnutls.h>
+
+#include <string.h>
+#include "cert-common.h"
+#include "eagain-common.h"
+#include "utils.h"
+
+const char *side = "";
+
+static void tls_log_func(int level, const char *str)
+{
+       fprintf(stderr, "%s|<%d>| %s", side, level, str);
+}
+
+static void
+start(const char *test_name, const char *prio, const char *expected_name)
+{
+       int sret, cret;
+       gnutls_certificate_credentials_t scred, ccred;
+       gnutls_session_t server, client;
+       const char *name;
+
+       success("%s\n", test_name);
+
+       global_init();
+       gnutls_global_set_log_function(tls_log_func);
+       if (debug)
+               gnutls_global_set_log_level(9);
+
+       /* Init server */
+       assert(gnutls_certificate_allocate_credentials(&scred) >= 0);
+       assert(gnutls_certificate_set_x509_key_mem(scred,
+                                                  &server_cert,
+                                                  &server_key,
+                                                  GNUTLS_X509_FMT_PEM) >= 0);
+
+       gnutls_init(&server, GNUTLS_SERVER);
+
+       gnutls_priority_set_direct(server, prio, NULL);
+       gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE, scred);
+       gnutls_transport_set_push_function(server, server_push);
+       gnutls_transport_set_pull_function(server, server_pull);
+       gnutls_transport_set_ptr(server, server);
+
+       /* Init client */
+       gnutls_certificate_allocate_credentials(&ccred);
+       assert(gnutls_certificate_set_x509_trust_mem
+              (ccred, &ca3_cert, GNUTLS_X509_FMT_PEM) >= 0);
+
+       gnutls_init(&client, GNUTLS_CLIENT);
+
+       gnutls_priority_set_direct(client, prio, NULL);
+       gnutls_credentials_set(client, GNUTLS_CRD_CERTIFICATE, ccred);
+       gnutls_transport_set_push_function(client, client_push);
+       gnutls_transport_set_pull_function(client, client_pull);
+       gnutls_transport_set_ptr(client, client);
+
+       HANDSHAKE(client, server);
+       if (debug)
+               success("Handshake established\n");
+
+       name = gnutls_ciphersuite_get(server);
+       if (!name || strcmp(name, expected_name) != 0) {
+               fail("server: gnutls_ciphersuite_get returned %s while %s is expected\n",
+                    name, expected_name);
+       }
+
+       name = gnutls_ciphersuite_get(client);
+       if (!name || strcmp(name, expected_name) != 0) {
+               fail("client: gnutls_ciphersuite_get returned %s while %s is expected\n",
+                    name, expected_name);
+       }
+
+       gnutls_bye(client, GNUTLS_SHUT_WR);
+       gnutls_bye(server, GNUTLS_SHUT_WR);
+
+       gnutls_deinit(client);
+       gnutls_deinit(server);
+
+       gnutls_certificate_free_credentials(scred);
+       gnutls_certificate_free_credentials(ccred);
+
+       gnutls_global_deinit();
+       reset_buffers();
+}
+
+void doit(void)
+{
+       start("TLS 1.3 name",
+             "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-ALL:+GROUP-ALL",
+             "TLS_AES_256_GCM_SHA384");
+
+       start("TLS 1.2 name",
+             "NONE:+VERS-TLS1.2:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+RSA",
+             "TLS_RSA_WITH_AES_128_GCM_SHA256");
+}