On Wed, Jan 20, 2016, Eric Erhardt wrote:

> What is the most appropriate way to programmatically get the following information about an SSL_CIPHER?
>
> Currently, we need to read:
>
> * Which cipher algorithm is being used
> * Which key exchange algorithm is being used
> * Which MAC hash algorithm is being used
>
> The way we've currently been doing this is by looking at the SSL_CIPHER's algorithm_enc, algorithm_mkey, and algorithm_mac fields. But since there is no public header that contains the enum values, we've copied the values out of ssl/ssl_locl.h into our own code.
>
> This is problematic, since these values have recently changed with https://github.com/openssl/openssl/commit/bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb
>
> For example:
> -# define SSL_kDHE 0x00000008U
> +# define SSL_kDHE 0x00000002U
>
> One option we've discussed is to compare strings returned from SSL_CIPHER_get_name, or SSL_CIPHER_description, but this seems less than ideal.
>
> Is there a better way to programmatically get this information?
>

There are several functions that can extract some of the information. SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid for example. Currently there isn't a function to extract the key exchange or signing algorithm though.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org