On Thu, Aug 23, 2012, Saurabh Pandya wrote:

> I found the following definition of "SSL_CIPHER" in the openssl code
> 
> typedef struct ssl_cipher_st
>         {
>         int valid;
>         const char *name;               /* text name */
>         unsigned long id;               /* id, 4 bytes, first is version */
>         unsigned long algorithms;       /* what ciphers are used */
>         unsigned long algo_strength;    /* strength and export flags */
>         unsigned long algorithm2;       /* Extra flags */
>         int strength_bits;              /* Number of bits really used */
>         int alg_bits;                   /* Number of bits for algorithm */
>         unsigned long mask;             /* used for matching */
>         unsigned long mask_strength;    /* also used for matching */
>         } SSL_CIPHER;
> 
> 
> My interest is to get ids of supported ciphers by my SSL *.
> 
> Does the following field of the above structure hold the same info?
>         unsigned long id;               /* id, 4 bytes, first is version */
> 
> While 4 bytes are given to this field here, the description says one byte
> (I guess the leftmost byte)
> is used for the version, and the remaining "3" bytes are used as the cipher id, isn't it?
> tcpdump/wireshark displays only two bytes for ciphers id in client
> hello message.
> 
> So what is the third byte for?
> 
> Please clear my confusion...
> 
> I am solely interested in printing supported ciphers by my SSL *, using
> 
> STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(my_ssl);
> 

The most significant byte is a version number. The next three denote the
cipher ID. For the obsolete SSLv2 three bytes are used to encode the
ciphersuite, for SSLv3 and TLS only two. So unless you are interested in SSLv2
you only need to examine the two least significant bytes.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
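
The byte layout described in the reply above, as an added example that is not part of the original thread or of OpenSSL itself. The names `struct cipher_id` and `decode_cipher_id` are hypothetical, and the two sample ids are constructed inputs corresponding to OpenSSL's values for TLS_RSA_WITH_AES_128_CBC_SHA and SSL2 RC4_128_WITH_MD5.

```c
#include <stdio.h>
#include <stddef.h>

/* Decoded view of the 4-byte SSL_CIPHER id described in the reply above. */
struct cipher_id {
    unsigned version;      /* most significant byte: 0x02 = SSLv2, 0x03 = SSLv3/TLS */
    unsigned long code;    /* cipher ID with the version byte stripped */
    unsigned char wire[3]; /* bytes as a packet capture shows them */
    size_t wire_len;       /* 3 for SSLv2, 2 for SSLv3/TLS */
};

static struct cipher_id decode_cipher_id(unsigned long id)
{
    struct cipher_id out;
    id &= 0xFFFFFFFFUL;                 /* unsigned long may be 64 bits wide */
    out.version = (unsigned)(id >> 24);
    if (out.version == 0x02) {          /* SSLv2: three-byte cipher kind */
        out.code = id & 0xFFFFFFUL;
        out.wire[0] = (unsigned char)(id >> 16);
        out.wire[1] = (unsigned char)(id >> 8);
        out.wire[2] = (unsigned char)id;
        out.wire_len = 3;
    } else {                            /* SSLv3/TLS: two-byte cipher suite */
        out.code = id & 0xFFFFUL;
        out.wire[0] = (unsigned char)(id >> 8);
        out.wire[1] = (unsigned char)id;
        out.wire[2] = 0;
        out.wire_len = 2;
    }
    return out;
}

int main(void)
{
    /* Constructed sample ids; in a real program each would come from
       SSL_CIPHER_get_id() on an entry of SSL_get_ciphers(my_ssl). */
    static const unsigned long samples[] = { 0x0300002FUL, 0x02010080UL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct cipher_id c = decode_cipher_id(samples[i]);
        printf("id=0x%08lX version=0x%02X wire=", samples[i], c.version);
        for (size_t j = 0; j < c.wire_len; j++)
            printf("%02X%s", c.wire[j], j + 1 < c.wire_len ? "," : "\n");
    }
    return 0;
}
```

The two `wire` bytes for an SSLv3/TLS suite are the same two bytes tcpdump/wireshark show in the ClientHello cipher list.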