new option "openssl ciphers -V"
diff --git a/CHANGES b/CHANGES
index c41c967..f220bbe 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
+ *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
+ in addition to the text details.
+ [Bodo Moeller]
+
*) Very, very preliminary EXPERIMENTAL support for printing of general
ASN1 structures. This currently produces rather ugly output and doesn't
handle several customised structures at all.
diff --git a/apps/ciphers.c b/apps/ciphers.c
index f5e8700..aa76ae2 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -71,7 +71,8 @@
static const char *ciphers_usage[]={
"usage: ciphers args\n",
-" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
+" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n",
+" -V - even more verbose\n",
" -ssl2 - SSL2 mode\n",
" -ssl3 - SSL3 mode\n",
" -tls1 - TLS1 mode\n",
@@ -83,7 +84,7 @@
int MAIN(int argc, char **argv)
{
int ret=1,i;
- int verbose=0;
+ int verbose=0,Verbose=0;
const char **pp;
const char *p;
int badops=0;
@@ -121,6 +122,8 @@
{
if (strcmp(*argv,"-v") == 0)
verbose=1;
+ else if (strcmp(*argv,"-V") == 0)
+ verbose=Verbose=1;
#ifndef OPENSSL_NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
@@ -179,15 +182,33 @@
}
BIO_printf(STDout,"\n");
}
- else
+ else /* verbose */
{
sk=SSL_get_ciphers(ssl);
for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
- BIO_puts(STDout,SSL_CIPHER_description(
- sk_SSL_CIPHER_value(sk,i),
- buf,sizeof buf));
+ SSL_CIPHER *c;
+
+ c = sk_SSL_CIPHER_value(sk,i);
+
+ if (Verbose)
+ {
+ unsigned long id = c->id;
+ int id0 = (int)(id >> 24);
+ int id1 = (int)((id >> 16) & 0xffL);
+ int id2 = (int)((id >> 8) & 0xffL);
+ int id3 = (int)(i & 0xffL);
+
+ if ((id & 0xff000000L) == 0x02000000L)
+ BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
+ else if ((id & 0xff000000L) == 0x03000000L)
+ BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
+ else
+ BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+ }
+
+ BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
}
}
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 81a2c43..00d4cb1 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -8,6 +8,7 @@
B<openssl> B<ciphers>
[B<-v>]
+[B<-V>]
[B<-ssl2>]
[B<-ssl3>]
[B<-tls1>]
@@ -15,7 +16,7 @@
=head1 DESCRIPTION
-The B<cipherlist> command converts OpenSSL cipher lists into ordered
+The B<ciphers> command converts textual OpenSSL cipher lists into ordered
SSL cipher preference lists. It can be used as a test tool to determine
the appropriate cipherlist.
@@ -25,7 +26,7 @@
=item B<-v>
-verbose option. List ciphers with a complete description of
+Verbose option. List ciphers with a complete description of
protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
authentication, encryption and mac algorithms used along with any key size
restrictions and whether the algorithm is classed as an "export" cipher.
@@ -33,6 +34,10 @@
in a cipher list; this is when similar ciphers are available for
SSL v2 and for SSL v3/TLS v1.
+=item B<-V>
+
+Like B<-V>, but include cipher suite codes in output (hex format).
+
=item B<-ssl3>
only include SSL v3 ciphers.
@@ -388,7 +393,8 @@
=head1 HISTORY
-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
-added in version 0.9.7.
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
+for cipherlist strings were added in OpenSSL 0.9.7.
+The B<-V> option for the B<ciphers> command was added in OpenSSL 0.9.9.
=cut
