OpenBSD manual page server

Manual Page Search Parameters
SSL_GET_CIPHERS(3) Library Functions Manual SSL_GET_CIPHERS(3)

SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_cipher_list
get list of available SSL_CIPHERs

#include <openssl/ssl.h>

STACK_OF(SSL_CIPHER) *
SSL_get_ciphers(const SSL *ssl);

STACK_OF(SSL_CIPHER) *
SSL_CTX_get_ciphers(const SSL_CTX *ctx);

STACK_OF(SSL_CIPHER) *
SSL_get1_supported_ciphers(SSL *ssl);

STACK_OF(SSL_CIPHER) *
SSL_get_client_ciphers(const SSL *ssl);

const char *
SSL_get_cipher_list(const SSL *ssl, int priority);

SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, sorted by preference. If ssl is NULL or no ciphers are available, NULL is returned.

SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for ctx.

SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for ssl as it would be sent in a ClientHello, sorted by preference. The list depends on settings like the cipher list, the supported protocol versions, the security level, and the enabled signature algorithms. The list of ciphers that would be sent in a ClientHello can differ from the list of ciphers that would be acceptable when acting as a server. For example, additional ciphers may be usable by a server if there is a gap in the list of supported protocols, and some ciphers may not be usable by a server if there is not a suitable certificate configured. If ssl is NULL or no ciphers are available, NULL is returned.

SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the list received from the client on ssl. If ssl is NULL, no ciphers are available, or ssl is not operating in server mode, NULL is returned.

SSL_get_ciphers(), SSL_CTX_get_ciphers(), and SSL_get_client_ciphers() return pointers to internal cipher stacks, which will be freed later on when the SSL or SSL_CTX object is freed. Therefore, the calling code must not free the return value itself.

The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers(), SSL_get1_supported_ciphers(), and SSL_get_client_ciphers() can be obtained using the SSL_CIPHER_get_name(3) family of functions.

SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for ssl with priority. If ssl is NULL, no ciphers are available, or there are fewer ciphers than priority available, NULL is returned.

Call SSL_get_cipher_list() with priority starting from 0 to obtain the sorted list of available ciphers, until NULL is returned.

ssl(3), SSL_CIPHER_get_name(3), SSL_CTX_set_cipher_list(3)

SSL_get_cipher_list() first appeared in SSLeay 0.5.2. SSL_get_ciphers() first appeared in SSLeay 0.8.0. Both functions have been available since OpenBSD 2.4.

SSL_CTX_get_ciphers() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 6.3.

SSL_get1_supported_ciphers() and SSL_get_client_ciphers() first appeared in OpenSSL 1.1.0 and has been available since OpenBSD 6.5.

January 22, 2019 OpenBSD-current