The cipher negotiated is a property of the SSL connection itself.

SSL_get_current_cipher() is probably what you're looking for:
http://www.openssl.org/docs/ssl/SSL_get_current_cipher.html for
documentation.

-Kyle H

On 2/7/06, Victor Duchovni <[EMAIL PROTECTED]> wrote:
>
> For Postfix 2.3 I would like to be able to determine whether the actual
> cipher negotiated for a session initialized with a lenient allowed cipher
> list, is actually a member of a more strict cipher list.
>
> The idea is to allow a-priori low security connections to be
> opportunistically determined to be high security connections and then
> with SASL allow the transmission of plain-text passwords instead
> of requiring one-time challenge response protocols.
>
> So the question is, how do I determine whether the current cipher is a
> member of say "MEDIUM:HIGH" or "kEDH+MEDIUM+HIGH:!ADH:!DSS"?
>
> Is this an appropriate user interface? Or should we instead just ask the
> administrator to define a minimum secure-channel bit strength, which is
> a more crude, but perhaps adequate control.
>
> --
>         Viktor.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
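The membership test asked about above, as an added example that is not part of either message and not Postfix or OpenSSL code. It uses Python's `ssl` module (which hands the cipher string to OpenSSL) instead of the C API; the function names and the sample tuples are assumptions made for illustration.

```python
import ssl


def expand(cipher_list):
    """Expand an OpenSSL cipher string into {cipher name: strength in bits}."""
    # Scratch context used only to parse the string; it never carries traffic.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    # set_ciphers() does not govern TLS 1.3 suites, so they appear in every
    # expansion. Drop them so membership reflects the cipher string alone.
    return {
        c["name"]: c["strength_bits"]
        for c in ctx.get_ciphers()
        if c["protocol"] != "TLSv1.3"
    }


def cipher_in_list(name, cipher_list):
    """True if the named cipher is selected by the stricter cipher string."""
    return name in expand(cipher_list)


def channel_is_strong(negotiated, strict_list, min_bits):
    """Decide whether a session that was opened with a lenient list is strong.

    `negotiated` is the (name, protocol, secret_bits) tuple that
    SSLSocket.cipher() returns for an established connection.
    """
    name, protocol, bits = negotiated
    if protocol == "TLSv1.3":
        # Cipher strings cannot express TLS 1.3 suites, so fall back to the
        # cruder control from the question: a minimum bit strength.
        return bits >= min_bits
    return cipher_in_list(name, strict_list)


if __name__ == "__main__":
    # Constructed sample values, standing in for SSLSocket.cipher() output.
    samples = [
        ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
        ("AES128-SHA", "TLSv1.2", 128),
        ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256),
    ]
    for s in samples:
        print(s[0], channel_is_strong(s, "HIGH:!kRSA", 128))
```
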