[openssl-users] Getting the current key exchange algorithm mode from an SSL_CIPHER
Dr. Stephen Henson
steve at openssl.org
Wed Jan 20 19:09:49 UTC 2016
On Wed, Jan 20, 2016, Eric Erhardt wrote:
> What is the most appropriate way to programmatically get the following information about an SSL_CIPHER?
>
> Currently, we need to read:
>
>
> * Which cipher algorithm is being used
>
> * Which key exchange algorithm is being used
>
> * Which MAC hash algorithm is being used
>
> The way we've currently been doing this is by looking at the SSL_CIPHER's algorithm_enc, algorithm_mkey, and algorithm_mac fields. But since there is no public header that contains the enum values, we've copied the values out of ssl/ssl_locl.h into our own code.
>
> This is problematic, since these values have recently changed with https://github.com/openssl/openssl/commit/bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb
>
> For example:
> -# define SSL_kDHE 0x00000008U
> +# define SSL_kDHE 0x00000002U
>
>
> One option we've discussed is to compare strings returned from SSL_CIPHER_get_name, or SSL_CIPHER_description, but this seems less than ideal.
>
> Is there a better way to programmatically get this information?
>
There are several functions that can extract some of the information.
SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid for example.
Currently there isn't a function to extract the key exchange or signing
algorithm though.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list