[openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER

Eric Erhardt Eric.Erhardt at microsoft.com
Wed Jan 20 18:13:05 UTC 2016

What is the most appropriate way to programmatically get the following information about an SSL_CIPHER?

Currently, we need to read:

*         Which cipher algorithm is being used

*         Which key exchange algorithm is being used

*         Which MAC hash algorithm is being used

The way we've currently been doing this is by looking at the SSL_CIPHER's algorithm_enc, algorithm_mkey, and algorithm_mac fields. But since there is no public header that contains the enum values, we've copied the values out of ssl/ssl_locl.h into our own code.

This is problematic, since these values have recently changed with https://github.com/openssl/openssl/commit/bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb

For example:
-# define SSL_kDHE                0x00000008U
+# define SSL_kDHE                0x00000002U

One option we've discussed is to compare strings returned from SSL_CIPHER_get_name, or SSL_CIPHER_description, but this seems less than ideal.

Is there a better way to programmatically get this information?

Thanks in advance,
Eric Erhardt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160120/d07385d6/attachment-0001.html>

More information about the openssl-users mailing list