How to get openssl cipher list programmatically

By | August 5, 2022

The cipher list can be retrieved with the “openssl ciphers” command, which has multiple options to filter its output. The same can be done programmatically using the OpenSSL API. Here is a C++ example that obtains the list of available ciphers together with the SSL/TLS protocol version reported for each one. The code was implemented and tested on Ubuntu 22.
Source file ciphers.cpp:


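#include <stdio.h>
#include <openssl/ssl.h>

int main(int n, char ** s)
{
   SSL_CTX * ctx = SSL_CTX_new( TLS_client_method() );
   if(ctx == NULL)
   {
      fprintf(stderr, "SSL_CTX_new failed\n");
      return 1;
   }
   SSL *ssl = SSL_new(ctx);
   if(ssl == NULL)
   {
      fprintf(stderr, "SSL_new failed\n");
      SSL_CTX_free (ctx);
      return 1;
   }
   // Ciphers available to this connection, sorted by preference.
   // The stack is owned by ssl and must not be freed separately.
   STACK_OF(SSL_CIPHER) * sslciphers = SSL_get_ciphers(ssl);
   if(sslciphers != NULL)
   {
      int num = sk_SSL_CIPHER_num(sslciphers);
      for (int i = 0; i < num; i++) {
         const SSL_CIPHER * cipher = sk_SSL_CIPHER_value(sslciphers, i);
         // SSL_CIPHER_get_version returns the protocol version that first defined the cipher
         printf("%s, %s\n", SSL_CIPHER_get_name(cipher), SSL_CIPHER_get_version(cipher));
      }
      printf("Total: %d\n", num);
   }
   SSL_free (ssl);
   SSL_CTX_free (ctx);
   return 0;
}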

Compilation:


# g++ -g -o ciphers ciphers.cpp -lssl -lcrypto

Execution:


# ./ciphers
TLS_AES_256_GCM_SHA384, TLSv1.3
TLS_CHACHA20_POLY1305_SHA256, TLSv1.3
TLS_AES_128_GCM_SHA256, TLSv1.3
ECDHE-ECDSA-AES256-GCM-SHA384, TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384, TLSv1.2
DHE-RSA-AES256-GCM-SHA384, TLSv1.2
ECDHE-ECDSA-CHACHA20-POLY1305, TLSv1.2
ECDHE-RSA-CHACHA20-POLY1305, TLSv1.2
DHE-RSA-CHACHA20-POLY1305, TLSv1.2
ECDHE-ECDSA-AES128-GCM-SHA256, TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256, TLSv1.2
DHE-RSA-AES128-GCM-SHA256, TLSv1.2
ECDHE-ECDSA-AES256-SHA384, TLSv1.2
ECDHE-RSA-AES256-SHA384, TLSv1.2
DHE-RSA-AES256-SHA256, TLSv1.2
ECDHE-ECDSA-AES128-SHA256, TLSv1.2
ECDHE-RSA-AES128-SHA256, TLSv1.2
DHE-RSA-AES128-SHA256, TLSv1.2
ECDHE-ECDSA-AES256-SHA, TLSv1.0
ECDHE-RSA-AES256-SHA, TLSv1.0
DHE-RSA-AES256-SHA, SSLv3
ECDHE-ECDSA-AES128-SHA, TLSv1.0
ECDHE-RSA-AES128-SHA, TLSv1.0
DHE-RSA-AES128-SHA, SSLv3
RSA-PSK-AES256-GCM-SHA384, TLSv1.2
DHE-PSK-AES256-GCM-SHA384, TLSv1.2
RSA-PSK-CHACHA20-POLY1305, TLSv1.2
DHE-PSK-CHACHA20-POLY1305, TLSv1.2
ECDHE-PSK-CHACHA20-POLY1305, TLSv1.2
AES256-GCM-SHA384, TLSv1.2
PSK-AES256-GCM-SHA384, TLSv1.2
PSK-CHACHA20-POLY1305, TLSv1.2
RSA-PSK-AES128-GCM-SHA256, TLSv1.2
DHE-PSK-AES128-GCM-SHA256, TLSv1.2
AES128-GCM-SHA256, TLSv1.2
PSK-AES128-GCM-SHA256, TLSv1.2
AES256-SHA256, TLSv1.2
AES128-SHA256, TLSv1.2
ECDHE-PSK-AES256-CBC-SHA384, TLSv1.0
ECDHE-PSK-AES256-CBC-SHA, TLSv1.0
SRP-RSA-AES-256-CBC-SHA, SSLv3
SRP-AES-256-CBC-SHA, SSLv3
RSA-PSK-AES256-CBC-SHA384, TLSv1.0
DHE-PSK-AES256-CBC-SHA384, TLSv1.0
RSA-PSK-AES256-CBC-SHA, SSLv3
DHE-PSK-AES256-CBC-SHA, SSLv3
AES256-SHA, SSLv3
PSK-AES256-CBC-SHA384, TLSv1.0
PSK-AES256-CBC-SHA, SSLv3
ECDHE-PSK-AES128-CBC-SHA256, TLSv1.0
ECDHE-PSK-AES128-CBC-SHA, TLSv1.0
SRP-RSA-AES-128-CBC-SHA, SSLv3
SRP-AES-128-CBC-SHA, SSLv3
RSA-PSK-AES128-CBC-SHA256, TLSv1.0
DHE-PSK-AES128-CBC-SHA256, TLSv1.0
RSA-PSK-AES128-CBC-SHA, SSLv3
DHE-PSK-AES128-CBC-SHA, SSLv3
AES128-SHA, SSLv3
PSK-AES128-CBC-SHA256, TLSv1.0
PSK-AES128-CBC-SHA, SSLv3
Total: 60
