new option "openssl ciphers -V"
This commit is contained in:
parent
d08b6b44ba
commit
13e4670c29
3 changed files with 41 additions and 10 deletions
4
CHANGES
4
CHANGES
|
@ -4,6 +4,10 @@
|
|||
|
||||
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
|
||||
|
||||
*) New option -V for 'openssl ciphers'. This prints the ciphersuite code
|
||||
in addition to the text details.
|
||||
[Bodo Moeller]
|
||||
|
||||
*) Very, very preliminary EXPERIMENTAL support for printing of general
|
||||
ASN1 structures. This currently produces rather ugly output and doesn't
|
||||
handle several customised structures at all.
|
||||
|
|
|
@ -71,7 +71,8 @@
|
|||
|
||||
static const char *ciphers_usage[]={
|
||||
"usage: ciphers args\n",
|
||||
" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
|
||||
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
|
||||
" -V - even more verbose\n",
|
||||
" -ssl2 - SSL2 mode\n",
|
||||
" -ssl3 - SSL3 mode\n",
|
||||
" -tls1 - TLS1 mode\n",
|
||||
|
@ -83,7 +84,7 @@ int MAIN(int, char **);
|
|||
int MAIN(int argc, char **argv)
|
||||
{
|
||||
int ret=1,i;
|
||||
int verbose=0;
|
||||
int verbose=0,Verbose=0;
|
||||
const char **pp;
|
||||
const char *p;
|
||||
int badops=0;
|
||||
|
@ -121,6 +122,8 @@ int MAIN(int argc, char **argv)
|
|||
{
|
||||
if (strcmp(*argv,"-v") == 0)
|
||||
verbose=1;
|
||||
else if (strcmp(*argv,"-V") == 0)
|
||||
verbose=Verbose=1;
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
else if (strcmp(*argv,"-ssl2") == 0)
|
||||
meth=SSLv2_client_method();
|
||||
|
@ -179,15 +182,33 @@ int MAIN(int argc, char **argv)
|
|||
}
|
||||
BIO_printf(STDout,"\n");
|
||||
}
|
||||
else
|
||||
else /* verbose */
|
||||
{
|
||||
sk=SSL_get_ciphers(ssl);
|
||||
|
||||
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
|
||||
{
|
||||
BIO_puts(STDout,SSL_CIPHER_description(
|
||||
sk_SSL_CIPHER_value(sk,i),
|
||||
buf,sizeof buf));
|
||||
SSL_CIPHER *c;
|
||||
|
||||
c = sk_SSL_CIPHER_value(sk,i);
|
||||
|
||||
if (Verbose)
|
||||
{
|
||||
unsigned long id = c->id;
|
||||
int id0 = (int)(id >> 24);
|
||||
int id1 = (int)((id >> 16) & 0xffL);
|
||||
int id2 = (int)((id >> 8) & 0xffL);
|
||||
int id3 = (int)(i & 0xffL);
|
||||
|
||||
if ((id & 0xff000000L) == 0x02000000L)
|
||||
BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
|
||||
else if ((id & 0xff000000L) == 0x03000000L)
|
||||
BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
|
||||
else
|
||||
BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
|
||||
}
|
||||
|
||||
BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool.
|
|||
|
||||
B<openssl> B<ciphers>
|
||||
[B<-v>]
|
||||
[B<-V>]
|
||||
[B<-ssl2>]
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
|
@ -15,7 +16,7 @@ B<openssl> B<ciphers>
|
|||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The B<cipherlist> command converts OpenSSL cipher lists into ordered
|
||||
The B<ciphers> command converts textual OpenSSL cipher lists into ordered
|
||||
SSL cipher preference lists. It can be used as a test tool to determine
|
||||
the appropriate cipherlist.
|
||||
|
||||
|
@ -25,7 +26,7 @@ the appropriate cipherlist.
|
|||
|
||||
=item B<-v>
|
||||
|
||||
verbose option. List ciphers with a complete description of
|
||||
Verbose option. List ciphers with a complete description of
|
||||
protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
|
||||
authentication, encryption and mac algorithms used along with any key size
|
||||
restrictions and whether the algorithm is classed as an "export" cipher.
|
||||
|
@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice
|
|||
in a cipher list; this is when similar ciphers are available for
|
||||
SSL v2 and for SSL v3/TLS v1.
|
||||
|
||||
=item B<-V>
|
||||
|
||||
Like B<-V>, but include cipher suite codes in output (hex format).
|
||||
|
||||
=item B<-ssl3>
|
||||
|
||||
only include SSL v3 ciphers.
|
||||
|
@ -388,7 +393,8 @@ L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
|
|||
|
||||
=head1 HISTORY
|
||||
|
||||
The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
|
||||
added in version 0.9.7.
|
||||
The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
|
||||
for cipherlist strings were added in OpenSSL 0.9.7.
|
||||
The B<-V> option for the B<ciphers> command was added in OpenSSL 0.9.9.
|
||||
|
||||
=cut
|
||||
|
|
Loading…
Reference in a new issue