| =pod |
| |
| =head1 NAME |
| |
| SSL_get1_supported_ciphers, SSL_get_client_ciphers, |
| SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_get_cipher_list |
| - get list of available SSL_CIPHERs |
| |
| =head1 SYNOPSIS |
| |
| #include <openssl/ssl.h> |
| |
| STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); |
| STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); |
| STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); |
| STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); |
| const char *SSL_get_cipher_list(const SSL *ssl, int priority); |
| |
| =head1 DESCRIPTION |
| |
| SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>, |
| sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL |
| is returned. |
| |
| SSL_CTX_get_ciphers() returns the stack of available SSL_CIPHERs for B<ctx>. |
| |
| SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for |
| B<ssl>, sorted by preference. |
| The list depends on settings like the cipher list, the supported protocol |
| versions, the security level, and the enabled signature algorithms. |
| SRP and PSK ciphers are only enabled if the appropriate callbacks or settings |
| have been applied. |
| This is the list that will be sent by the client to the server. |
| The list supported by the server might include more ciphers in case there is a |
| hole in the list of supported protocols. |
| The server will also not use ciphers from this list depending on the |
| configured certificates and DH parameters. |
| If B<ssl> is NULL or no ciphers are available, NULL is returned. |
| |
| SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the |
| list received from the client on B<ssl>. If B<ssl> is NULL, no ciphers are |
| available, or B<ssl> is not operating in server mode, NULL is returned. |
| |
| SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER |
| listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are |
| available, or there are less ciphers than B<priority> available, NULL |
| is returned. |
| |
| =head1 NOTES |
| |
| The details of the ciphers obtained by SSL_get_ciphers(), SSL_CTX_get_ciphers() |
| SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using |
| the L<SSL_CIPHER_get_name(3)> family of functions. |
| |
| Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the |
| sorted list of available ciphers, until NULL is returned. |
| |
| Note: SSL_get_ciphers(), SSL_CTX_get_ciphers() and SSL_get_client_ciphers() |
| return a pointer to an internal cipher stack, which will be freed later on when |
| the SSL or SSL_SESSION object is freed. Therefore, the calling code B<MUST NOT> |
| free the return value itself. |
| |
| The stack returned by SSL_get1_supported_ciphers() should be freed using |
| sk_SSL_CIPHER_free(). |
| |
| =head1 RETURN VALUES |
| |
| See DESCRIPTION |
| |
| =head1 SEE ALSO |
| |
| L<ssl(3)>, L<SSL_CTX_set_cipher_list(3)>, |
| L<SSL_CIPHER_get_name(3)> |
| |
| =head1 COPYRIGHT |
| |
| Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. |
| |
| Licensed under the OpenSSL license (the "License"). You may not use |
| this file except in compliance with the License. You can obtain a copy |
| in the file LICENSE in the source distribution or at |
| L<https://www.openssl.org/source/license.html>. |
| |
| =cut |
