Cryptography and SSL/TLS Toolkit



SSL_get_ciphers, SSL_get_cipher_list, SSL_get_shared_ciphers - get list of available SSL_CIPHERs


 #include <openssl/ssl.h>

 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
 const char *SSL_get_cipher_list(const SSL *ssl, int priority);
 char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);


SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, sorted by preference. If ssl is NULL or no ciphers are available, NULL is returned.

SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for ssl with priority. If ssl is NULL, no ciphers are available, or there are less ciphers than priority available, NULL is returned.

SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of SSL_CIPHER names that are available in both the client and the server. buf is the buffer that should be populated with the list of names and size is the size of that buffer. A pointer to buf is returned on success or NULL on error. If the supplied buffer is not large enough to contain the complete list of names then a truncated list of names will be returned. Note that just because a ciphersuite is available (i.e. it is configured in the cipher list) and shared by both the client and the server it does not mean that it is enabled (for example some ciphers may not be usable by a server if there is not a suitable certificate configured). This function will return available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake.


The details of the ciphers obtained by SSL_get_ciphers() can be obtained using the SSL_CIPHER_get_name(3) family of functions.

Call SSL_get_cipher_list() with priority starting from 0 to obtain the sorted list of available ciphers, until NULL is returned.




ssl(3), SSL_CTX_set_cipher_list(3), SSL_CIPHER_get_name(3)