CGO example to get openssl cipher list

By | February 18, 2024

This post is related to “How to get openssl cipher list programmatically” post. That post contains example written in C, current post presents example in Go which duplicates sequence of openssl API calls used by previous post. The Go example uses CGO package that enables interaction with C code of openssl shared libraries.


package main
// #cgo CFLAGS: -fPIC
// #cgo LDFLAGS: -lssl -lcrypto
// #include <openssl/ssl.h>
import "C"
import "runtime"
import "fmt"
func main() {
  if(runtime.GOOS == "linux") {
    sslctx := C.SSL_CTX_new(C.TLS_client_method()) //SSL_CTX
    ssl := C.SSL_new(sslctx) // SSL
    sslcipherlist := C.SSL_get_ciphers(ssl) //STACK_OF(SSL_CIPHER)
    num := C.sk_SSL_CIPHER_num(sslcipherlist)
    for i := 0; i < int(num); i++ {
       cipher := C.sk_SSL_CIPHER_value(sslcipherlist, C.int(i))
       fmt.Printf("%s ", C.GoString(C.SSL_CIPHER_get_name(cipher)))
       fmt.Printf("%s\n", C.GoString(C.SSL_CIPHER_get_version(cipher)))
    }
    fmt.Printf("Total number of ciphers: %d\n", num);
    C.SSL_free (ssl)
    C.SSL_CTX_free (sslctx)
  }
}

Testing:


./gociphers | head -n 12
TLS_AES_256_GCM_SHA384 TLSv1.3
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3
TLS_AES_128_GCM_SHA256 TLSv1.3
TLS_AES_128_CCM_SHA256 TLSv1.3
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2
ECDHE-ECDSA-AES256-CCM TLSv1.2
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2

Dependencies:


ldd gociphers
   linux-vdso.so.1 (0x00007ffd041d2000)
   libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f2cd3262000)
   libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f2cd2d78000)
   libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f2cd2b58000)
   libc.so.6 => /lib64/libc.so.6 (0x00007f2cd2793000)
   libz.so.1 => /lib64/libz.so.1 (0x00007f2cd257b000)
   libdl.so.2 => /lib64/libdl.so.2 (0x00007f2cd2377000)
   /lib64/ld-linux-x86-64.so.2 (0x00007f2cd34f6000)

Leave a Reply

Your email address will not be published. Required fields are marked *