From 13e4670c2947de4fad42bb6e9802c54e54f3053c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Sat, 1 Oct 2005 04:08:48 +0000 Subject: [PATCH] new option "openssl ciphers -V" --- CHANGES | 4 ++++ apps/ciphers.c | 33 +++++++++++++++++++++++++++------ doc/apps/ciphers.pod | 14 ++++++++++---- 3 files changed, 41 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index c41c967ded..f220bbe15e 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] + *) New option -V for 'openssl ciphers'. This prints the ciphersuite code + in addition to the text details. + [Bodo Moeller] + *) Very, very preliminary EXPERIMENTAL support for printing of general ASN1 structures. This currently produces rather ugly output and doesn't handle several customised structures at all. diff --git a/apps/ciphers.c b/apps/ciphers.c index f5e8700a01..aa76ae2853 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -71,7 +71,8 @@ static const char *ciphers_usage[]={ "usage: ciphers args\n", -" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", +" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", +" -V - even more verbose\n", " -ssl2 - SSL2 mode\n", " -ssl3 - SSL3 mode\n", " -tls1 - TLS1 mode\n", @@ -83,7 +84,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { int ret=1,i; - int verbose=0; + int verbose=0,Verbose=0; const char **pp; const char *p; int badops=0; @@ -121,6 +122,8 @@ int MAIN(int argc, char **argv) { if (strcmp(*argv,"-v") == 0) verbose=1; + else if (strcmp(*argv,"-V") == 0) + verbose=Verbose=1; #ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); @@ -179,15 +182,33 @@ int MAIN(int argc, char **argv) } BIO_printf(STDout,"\n"); } - else + else /* verbose */ { sk=SSL_get_ciphers(ssl); for (i=0; iid; + int id0 = (int)(id >> 24); + int id1 = (int)((id >> 16) & 0xffL); + int id2 = (int)((id >> 8) & 0xffL); + int id3 = (int)(i & 0xffL); + + if ((id & 0xff000000L) == 0x02000000L) + BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ + else if ((id & 0xff000000L) == 0x03000000L) + BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ + else + BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ + } + + BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf)); } } diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 81a2c43893..00d4cb1fd8 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool. B B [B<-v>] +[B<-V>] [B<-ssl2>] [B<-ssl3>] [B<-tls1>] @@ -15,7 +16,7 @@ B B =head1 DESCRIPTION -The B command converts OpenSSL cipher lists into ordered +The B command converts textual OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist. @@ -25,7 +26,7 @@ the appropriate cipherlist. =item B<-v> -verbose option. List ciphers with a complete description of +Verbose option. List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an "export" cipher. @@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice in a cipher list; this is when similar ciphers are available for SSL v2 and for SSL v3/TLS v1. +=item B<-V> + +Like B<-V>, but include cipher suite codes in output (hex format). + =item B<-ssl3> only include SSL v3 ciphers. @@ -388,7 +393,8 @@ L, L, L =head1 HISTORY -The B and B selection options were -added in version 0.9.7. +The B and B selection options +for cipherlist strings were added in OpenSSL 0.9.7. +The B<-V> option for the B command was added in OpenSSL 0.9.9. =cut -- 2.25.1