[openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER
Eric Erhardt
Eric.Erhardt at microsoft.com
Wed Jan 20 18:13:05 UTC 2016
What is the most appropriate way to programmatically get the following information about an SSL_CIPHER?
Currently, we need to read:
* Which cipher algorithm is being used
* Which key exchange algorithm is being used
* Which MAC hash algorithm is being used
The way we've currently been doing this is by looking at the SSL_CIPHER's algorithm_enc, algorithm_mkey, and algorithm_mac fields. But since there is no public header that contains the enum values, we've copied the values out of ssl/ssl_locl.h into our own code.
This is problematic, since these values have recently changed with https://github.com/openssl/openssl/commit/bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb
For example:
-# define SSL_kDHE 0x00000008U
+# define SSL_kDHE 0x00000002U
One option we've discussed is to compare strings returned from SSL_CIPHER_get_name, or SSL_CIPHER_description, but this seems less than ideal.
Is there a better way to programmatically get this information?
Thanks in advance,
Eric Erhardt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160120/d07385d6/attachment-0001.html>
More information about the openssl-users
mailing list