Re: confusion with defination of SSL_CIPHER struct

Thu, 23 Aug 2012 06:40:16 -0700 

Thanks all...

On 8/23/12, Charles Mills <charl...@mcn.org> wrote:
> Watch out for "-endian" issues.
> --
> Sent from my mobile phone. Please excuse my brevity.
>
> Charles
>
> "Dr. Stephen Henson" <st...@openssl.org> wrote:
>
> On Thu, Aug 23, 2012, Saurabh Pandya wrote:
>
>> I found following definition of "SSL_CIPHER" in openssl code
>>
>> typedef struct ssl_cipher_st
>> {
>> int valid;
>> const char *name; /* text name */
>> unsigned long id; /* id, 4 bytes, first is version */
>> unsigned long algorithms; /* what ciphers are used */
>> unsigned long algo_strength; /* strength and export flags */
>> unsigned long algorithm2; /* Extra flags */
>> int strength_bits; /* Number of bits really used */
>> int alg_bits; /* Number of bits for algorithm */
>> unsigned long mask; /* used for matching */
>> unsigned long mask_strength; /* also used for matching */
>> } SSL_CIPHER;
>>
>>
>> My interest is to get ids of supported ciphers by my SSL *.
>>
>> Is following field of above structure hold the same info.
>> unsigned long id; /* id, 4 bytes, first is version */
>>
>> While here 4 bytes is given to this field. Description says one byte
>> (Guess left most byte)
>> is used for version, and rest "3" byes are used as cipher id ?? isn't it
>> ?
>> tcpdump/wireshark displays only two bytes for ciphers id in client
>> hello message.
>>
>> so for what the third byte is ???
>>
>> Please clear my confusion...
>>
>> I am solely interested in printing supported ciphers by my SSL *, using
>>
>> STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(my_ssl);
>>
>
> The most significant byte is a version number. The next three denote the
> cipher ID. For the obsolete SSLv2 three bytes are used to encode the
> ciphersuite, for SSLv3 and TLS only two. So unless you are intrested in
> SSLv2
> you only need to examine the two least significant bytes.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> _____________________________________________
>
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to