|
Packit |
c4476c |
=pod
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NAME
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get1_supported_ciphers,
|
|
Packit |
c4476c |
SSL_get_client_ciphers,
|
|
Packit |
c4476c |
SSL_get_ciphers,
|
|
Packit |
c4476c |
SSL_CTX_get_ciphers,
|
|
Packit |
c4476c |
SSL_bytes_to_cipher_list,
|
|
Packit |
c4476c |
SSL_get_cipher_list,
|
|
Packit |
c4476c |
SSL_get_shared_ciphers
|
|
Packit |
c4476c |
- get list of available SSL_CIPHERs
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SYNOPSIS
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <openssl/ssl.h>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
|
|
Packit |
c4476c |
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
|
|
Packit |
c4476c |
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
|
|
Packit |
c4476c |
STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
|
|
Packit |
c4476c |
int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
|
|
Packit |
c4476c |
int isv2format, STACK_OF(SSL_CIPHER) **sk,
|
|
Packit |
c4476c |
STACK_OF(SSL_CIPHER) **scsvs);
|
|
Packit |
c4476c |
const char *SSL_get_cipher_list(const SSL *ssl, int priority);
|
|
Packit |
c4476c |
char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
|
|
Packit |
c4476c |
sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
|
|
Packit |
c4476c |
is returned.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B<ctx>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for
|
|
Packit |
c4476c |
B<ssl> as would be sent in a ClientHello (that is, sorted by preference).
|
|
Packit |
c4476c |
The list depends on settings like the cipher list, the supported protocol
|
|
Packit |
c4476c |
versions, the security level, and the enabled signature algorithms.
|
|
Packit |
c4476c |
SRP and PSK ciphers are only enabled if the appropriate callbacks or settings
|
|
Packit |
c4476c |
have been applied.
|
|
Packit |
c4476c |
The list of ciphers that would be sent in a ClientHello can differ from
|
|
Packit |
c4476c |
the list of ciphers that would be acceptable when acting as a server.
|
|
Packit |
c4476c |
For example, additional ciphers may be usable by a server if there is
|
|
Packit |
c4476c |
a gap in the list of supported protocols, and some ciphers may not be
|
|
Packit |
c4476c |
usable by a server if there is not a suitable certificate configured.
|
|
Packit |
c4476c |
If B<ssl> is NULL or no ciphers are available, NULL is returned.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the
|
|
Packit |
c4476c |
list received from the client on B<ssl>. If B<ssl> is NULL, no ciphers are
|
|
Packit |
c4476c |
available, or B<ssl> is not operating in server mode, NULL is returned.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_bytes_to_cipher_list() treats the supplied B<len> octets in B<bytes>
|
|
Packit |
c4476c |
as a wire-protocol cipher suite specification (in the three-octet-per-cipher
|
|
Packit |
c4476c |
SSLv2 wire format if B<isv2format> is nonzero; otherwise the two-octet
|
|
Packit |
c4476c |
SSLv3/TLS wire format), and parses the cipher suites supported by the library
|
|
Packit |
c4476c |
into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher-Suite
|
|
Packit |
c4476c |
Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success
|
|
Packit |
c4476c |
and 0 on failure.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
|
|
Packit |
c4476c |
listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
|
|
Packit |
c4476c |
available, or there are less ciphers than B<priority> available, NULL
|
|
Packit |
c4476c |
is returned.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of
|
|
Packit |
c4476c |
SSL_CIPHER names that are available in both the client and the server. B<buf> is
|
|
Packit |
c4476c |
the buffer that should be populated with the list of names and B<size> is the
|
|
Packit |
c4476c |
size of that buffer. A pointer to B<buf> is returned on success or NULL on
|
|
Packit |
c4476c |
error. If the supplied buffer is not large enough to contain the complete list
|
|
Packit |
c4476c |
of names then a truncated list of names will be returned. Note that just because
|
|
Packit |
c4476c |
a ciphersuite is available (i.e. it is configured in the cipher list) and shared
|
|
Packit |
c4476c |
by both the client and the server it does not mean that it is enabled (see the
|
|
Packit |
c4476c |
description of SSL_get1_supported_ciphers() above). This function will return
|
|
Packit |
c4476c |
available shared ciphersuites whether or not they are enabled. This is a server
|
|
Packit |
c4476c |
side function only and must only be called after the completion of the initial
|
|
Packit |
c4476c |
handshake.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 NOTES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers()
|
|
Packit |
c4476c |
SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using
|
|
Packit |
c4476c |
the L<SSL_CIPHER_get_name(3)> family of functions.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
|
|
Packit |
c4476c |
sorted list of available ciphers, until NULL is returned.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers()
|
|
Packit |
c4476c |
return a pointer to an internal cipher stack, which will be freed later on when
|
|
Packit |
c4476c |
the SSL or SSL_SESSION object is freed. Therefore, the calling code B<MUST NOT>
|
|
Packit |
c4476c |
free the return value itself.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The stack returned by SSL_get1_supported_ciphers() should be freed using
|
|
Packit |
c4476c |
sk_SSL_CIPHER_free().
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
The stacks returned by SSL_bytes_to_cipher_list() should be freed using
|
|
Packit |
c4476c |
sk_SSL_CIPHER_free().
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 RETURN VALUES
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
See DESCRIPTION
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 SEE ALSO
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
L<ssl(7)>, L<SSL_CTX_set_cipher_list(3)>,
|
|
Packit |
c4476c |
L<SSL_CIPHER_get_name(3)>
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=head1 COPYRIGHT
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
L<https://www.openssl.org/source/license.html>.
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
=cut
|