9d5ac9532c
Add an accessor for SSL_CTX. Since libssl was made opaque, there is no way for users to access the cipher_list, while users can set the cipher_list by SSL_CTX_set_cipher_list(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
73 lines
2.7 KiB
Text
73 lines
2.7 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
|
|
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
|
|
STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
|
|
STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl);
|
|
const char *SSL_get_cipher_list(const SSL *ssl, int priority);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
|
|
sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
|
|
is returned.
|
|
|
|
SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B<ctx>.
|
|
|
|
SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for
|
|
B<ssl>, sorted by preference.
|
|
The list depends on settings like the cipher list, the supported protocol
|
|
versions, the security level, and the enabled signature algorithms.
|
|
SRP and PSK ciphers are only enabled if the appropriate callbacks or settings
|
|
have been applied.
|
|
This is the list that will be sent by the client to the server.
|
|
The list supported by the server might include more ciphers in case there is a
|
|
hole in the list of supported protocols.
|
|
The server will also not use ciphers from this list depending on the
|
|
configured certificates and DH parameters.
|
|
If B<ssl> is NULL or no ciphers are available, NULL is returned.
|
|
|
|
SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the
|
|
list received from the client on B<ssl>. If B<ssl> is NULL, no ciphers are
|
|
available, or B<ssl> is not operating in server mode, NULL is returned.
|
|
|
|
SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
|
|
listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
|
|
available, or there are less ciphers than B<priority> available, NULL
|
|
is returned.
|
|
|
|
=head1 NOTES
|
|
|
|
The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers()
|
|
SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using
|
|
the L<SSL_CIPHER_get_name(3)> family of functions.
|
|
|
|
Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
|
|
sorted list of available ciphers, until NULL is returned.
|
|
|
|
Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers()
|
|
return a pointer to an internal cipher stack, which will be freed later on when
|
|
the SSL or SSL_SESSION object is freed. Therefore, the calling code B<MUST NOT>
|
|
free the return value itself.
|
|
|
|
The stack returned by SSL_get1_supported_ciphers() should be freed using
|
|
sk_SSL_CIPHER_free().
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
See DESCRIPTION
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>,
|
|
L<SSL_CIPHER_get_name(3)>
|
|
|
|
=cut
|