From cdc72e497d14167d0744ef0dd52b9778c431fb59 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 7 Feb 2016 20:33:43 +0100 Subject: [PATCH] Document SSL_get1_supported_ciphers Reviewed-by: Viktor Dukhovni MR: #1595 --- doc/ssl/SSL_get_ciphers.pod | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index 65781dae0b..5e4bc08dcd 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs #include STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); + STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); @@ -18,8 +19,21 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B, sorted by preference. If B is NULL or no ciphers are available, NULL is returned. -SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the -list sent by the client for B. If B is NULL, no ciphers are +SSL_get1_supported_ciphers() returns the stack of enabled SSL_CIPHERs for +B, sorted by preference. +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +SRP and PSK ciphers are only enabled if the appropriate callbacks or settings +have been applied. +This is the list that will be sent by the client to the server. +The list supported by the server might include more ciphers in case there is a +hole in the list of supported protocols. +The server will also not use ciphers from this list depending on the +configured certificates and DH parameters. +If B is NULL or no ciphers are available, NULL is returned. + +SSL_get_client_ciphers() returns the stack of available SSL_CIPHERs matching the +list received from the client on B. If B is NULL, no ciphers are available, or B is not operating in server mode, NULL is returned. SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER @@ -29,7 +43,8 @@ is returned. =head1 NOTES -The details of the ciphers obtained by SSL_get_ciphers() can be obtained using +The details of the ciphers obtained by SSL_get_ciphers(), +SSL_get1_supported_ciphers() and SSL_get_client_ciphers() can be obtained using the L family of functions. Call SSL_get_cipher_list() with B starting from 0 to obtain the @@ -40,6 +55,9 @@ to an internal cipher stack, which will be freed later on when the SSL or SSL_SESSION object is freed. Therefore, the calling code B free the return value itself. +The stack returned by SSL_get1_supported_ciphers() should be freed using +sk_SSL_CIPHER_free(). + =head1 RETURN VALUES See DESCRIPTION -- 2.25.1