1=pod 2 3=head1 NAME 4 5SSL_get1_supported_ciphers, 6SSL_get_client_ciphers, 7SSL_get_ciphers, 8SSL_CTX_get_ciphers, 9SSL_bytes_to_cipher_list, 10SSL_get_cipher_list, 11SSL_get_shared_ciphers 12- get list of available SSL_CIPHERs 13 14=head1 SYNOPSIS 15 16 #include <openssl/ssl.h> 17 18 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); 19 STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); 20 STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); 21 STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); 22 int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, 23 int isv2format, STACK_OF(SSL_CIPHER) **sk, 24 STACK_OF(SSL_CIPHER) **scsvs); 25 const char *SSL_get_cipher_list(const SSL *ssl, int priority); 26 char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); 27 28=head1 DESCRIPTION 29 30SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>, 31sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL 32is returned. 33 34SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B<ctx>. 35 36SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for 37B<ssl> as would be sent in a ClientHello (that is, sorted by preference). 38The list depends on settings like the cipher list, the supported protocol 39versions, the security level, and the enabled signature algorithms. 40SRP and PSK ciphers are only enabled if the appropriate callbacks or settings 41have been applied. 42The list of ciphers that would be sent in a ClientHello can differ from 43the list of ciphers that would be acceptable when acting as a server. 44For example, additional ciphers may be usable by a server if there is 45a gap in the list of supported protocols, and some ciphers may not be 46usable by a server if there is not a suitable certificate configured. 47If B<ssl> is NULL or no ciphers are available, NULL is returned. 48 49SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the 50list received from the client on B<ssl>. If B<ssl> is NULL, no ciphers are 51available, or B<ssl> is not operating in server mode, NULL is returned. 52 53SSL_bytes_to_cipher_list() treats the supplied B<len> octets in B<bytes> 54as a wire-protocol cipher suite specification (in the three-octet-per-cipher 55SSLv2 wire format if B<isv2format> is nonzero; otherwise the two-octet 56SSLv3/TLS wire format), and parses the cipher suites supported by the library 57into the returned stacks of SSL_CIPHER objects sk and Signalling Cipher-Suite 58Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success 59and 0 on failure. 60 61SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER 62listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are 63available, or there are less ciphers than B<priority> available, NULL 64is returned. 65 66SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of 67SSL_CIPHER names that are available in both the client and the server. B<buf> is 68the buffer that should be populated with the list of names and B<size> is the 69size of that buffer. A pointer to B<buf> is returned on success or NULL on 70error. If the supplied buffer is not large enough to contain the complete list 71of names then a truncated list of names will be returned. Note that just because 72a ciphersuite is available (i.e. it is configured in the cipher list) and shared 73by both the client and the server it does not mean that it is enabled (see the 74description of SSL_get1_supported_ciphers() above). This function will return 75available shared ciphersuites whether or not they are enabled. This is a server 76side function only and must only be called after the completion of the initial 77handshake. 78 79=head1 NOTES 80 81The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() 82SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using 83the L<SSL_CIPHER_get_name(3)> family of functions. 84 85Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the 86sorted list of available ciphers, until NULL is returned. 87 88Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers() 89return a pointer to an internal cipher stack, which will be freed later on when 90the SSL or SSL_SESSION object is freed. Therefore, the calling code B<MUST NOT> 91free the return value itself. 92 93The stack returned by SSL_get1_supported_ciphers() should be freed using 94sk_SSL_CIPHER_free(). 95 96The stacks returned by SSL_bytes_to_cipher_list() should be freed using 97sk_SSL_CIPHER_free(). 98 99=head1 RETURN VALUES 100 101See DESCRIPTION 102 103=head1 SEE ALSO 104 105L<ssl(7)>, L<SSL_CTX_set_cipher_list(3)>, 106L<SSL_CIPHER_get_name(3)> 107 108=head1 COPYRIGHT 109 110Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. 111 112Licensed under the OpenSSL license (the "License"). You may not use 113this file except in compliance with the License. You can obtain a copy 114in the file LICENSE in the source distribution or at 115L<https://www.openssl.org/source/license.html>. 116 117=cut 118