NAME
SSL_get_ciphers
,
SSL_CTX_get_ciphers
,
SSL_get1_supported_ciphers
,
SSL_get_client_ciphers
,
SSL_get_cipher_list
—
get list of available
SSL_CIPHERs
SYNOPSIS
#include
<openssl/ssl.h>
STACK_OF(SSL_CIPHER) *
SSL_get_ciphers
(const
SSL *ssl);
STACK_OF(SSL_CIPHER) *
SSL_CTX_get_ciphers
(const
SSL_CTX *ctx);
STACK_OF(SSL_CIPHER) *
SSL_get1_supported_ciphers
(SSL
*ssl);
STACK_OF(SSL_CIPHER) *
SSL_get_client_ciphers
(const
SSL *ssl);
const char *
SSL_get_cipher_list
(const
SSL *ssl, int
priority);
DESCRIPTION
SSL_get_ciphers
()
returns the stack of available SSL_CIPHERs for
ssl, sorted by preference. If
ssl is NULL
or no ciphers are
available, NULL
is returned.
SSL_CTX_get_ciphers
()
returns the stack of available SSL_CIPHERs for
ctx.
SSL_get1_supported_ciphers
()
returns the stack of enabled SSL_CIPHERs for
ssl as it would be sent in a ClientHello, sorted by
preference. The list depends on settings like the cipher list, the supported
protocol versions, the security level, and the enabled signature algorithms.
The list of ciphers that would be sent in a ClientHello can differ from the
list of ciphers that would be acceptable when acting as a server. For
example, additional ciphers may be usable by a server if there is a gap in
the list of supported protocols, and some ciphers may not be usable by a
server if there is not a suitable certificate configured. If
ssl is NULL
or no ciphers are
available, NULL
is returned.
SSL_get_client_ciphers
()
returns the stack of available SSL_CIPHERs matching
the list received from the client on ssl. If
ssl is NULL
, no ciphers are
available, or ssl is not operating in server mode,
NULL
is returned.
SSL_get_ciphers
(),
SSL_CTX_get_ciphers
(), and
SSL_get_client_ciphers
() return pointers to internal
cipher stacks, which will be freed later on when the
SSL or SSL_CTX object is freed.
Therefore, the calling code must not free the return value itself.
The details of the ciphers obtained by
SSL_get_ciphers
(),
SSL_CTX_get_ciphers
(),
SSL_get1_supported_ciphers
(), and
SSL_get_client_ciphers
() can be obtained using the
SSL_CIPHER_get_name(3) family of functions.
SSL_get_cipher_list
()
returns a pointer to the name of the SSL_CIPHER listed
for ssl with priority. If
ssl is NULL
, no ciphers are
available, or there are fewer ciphers than priority
available, NULL
is returned.
Call
SSL_get_cipher_list
()
with priority starting from 0 to obtain the sorted
list of available ciphers, until NULL
is
returned.
SEE ALSO
HISTORY
SSL_get_cipher_list
() first appeared in
SSLeay 0.5.2. SSL_get_ciphers
() first appeared in
SSLeay 0.8.0. Both functions have been available since
OpenBSD 2.4.
SSL_CTX_get_ciphers
() first appeared in
OpenSSL 1.1.0 and has been available since OpenBSD
6.3.
SSL_get1_supported_ciphers
() and
SSL_get_client_ciphers
() first appeared in OpenSSL
1.1.0 and has been available since OpenBSD 6.5.