SSL_GET_CIPHERS(3) | Library Functions Manual | SSL_GET_CIPHERS(3) |
SSL_get_ciphers
,
SSL_CTX_get_ciphers
,
SSL_get1_supported_ciphers
,
SSL_get_client_ciphers
,
SSL_get_cipher_list
— get
list of available SSL_CIPHERs
#include
<openssl/ssl.h>
STACK_OF(SSL_CIPHER) *
SSL_get_ciphers
(const
SSL *ssl);
STACK_OF(SSL_CIPHER) *
SSL_CTX_get_ciphers
(const
SSL_CTX *ctx);
STACK_OF(SSL_CIPHER) *
SSL_get1_supported_ciphers
(SSL
*ssl);
STACK_OF(SSL_CIPHER) *
SSL_get_client_ciphers
(const
SSL *ssl);
const char *
SSL_get_cipher_list
(const
SSL *ssl, int
priority);
SSL_get_ciphers
() returns the stack of
available SSL_CIPHERs for ssl,
sorted by preference. If ssl is
NULL
or no ciphers are available,
NULL
is returned.
SSL_CTX_get_ciphers
() returns the stack of
available SSL_CIPHERs for
ctx.
SSL_get1_supported_ciphers
() returns the
stack of enabled SSL_CIPHERs for
ssl as it would be sent in a ClientHello, sorted by
preference. The list depends on settings like the cipher list, the supported
protocol versions, the security level, and the enabled signature algorithms.
The list of ciphers that would be sent in a ClientHello can differ from the
list of ciphers that would be acceptable when acting as a server. For
example, additional ciphers may be usable by a server if there is a gap in
the list of supported protocols, and some ciphers may not be usable by a
server if there is not a suitable certificate configured. If
ssl is NULL
or no ciphers are
available, NULL
is returned.
SSL_get_client_ciphers
() returns the stack
of available SSL_CIPHERs matching the list received
from the client on ssl. If ssl
is NULL
, no ciphers are available, or
ssl is not operating in server mode,
NULL
is returned.
SSL_get_ciphers
(),
SSL_CTX_get_ciphers
(), and
SSL_get_client_ciphers
() return pointers to internal
cipher stacks, which will be freed later on when the
SSL or SSL_CTX object is freed.
Therefore, the calling code must not free the return value itself.
The details of the ciphers obtained by
SSL_get_ciphers
(),
SSL_CTX_get_ciphers
(),
SSL_get1_supported_ciphers
(), and
SSL_get_client_ciphers
() can be obtained using the
SSL_CIPHER_get_name(3)
family of functions.
SSL_get_cipher_list
() returns a pointer to
the name of the SSL_CIPHER listed for
ssl with priority. If
ssl is NULL
, no ciphers are
available, or there are fewer ciphers than priority
available, NULL
is returned.
Call SSL_get_cipher_list
() with
priority starting from 0 to obtain the sorted list of
available ciphers, until NULL
is returned.
SSL_get_cipher_list
() first appeared in
SSLeay 0.5.2. SSL_get_ciphers
() first appeared in
SSLeay 0.8.0. Both functions have been available since
OpenBSD 2.4.
SSL_CTX_get_ciphers
() first appeared in
OpenSSL 1.1.0 and has been available since OpenBSD
6.3.
SSL_get1_supported_ciphers
() and
SSL_get_client_ciphers
() first appeared in OpenSSL
1.1.0 and has been available since OpenBSD 6.5.
January 22, 2019 | OpenBSD-current |