diff options
| -rw-r--r-- | CHANGES | 4 | ||||
| -rw-r--r-- | apps/ciphers.c | 33 | ||||
| -rw-r--r-- | doc/apps/ciphers.pod | 14 |
3 files changed, 41 insertions, 10 deletions
@@ -4,6 +4,10 @@ Changes between 0.9.8a and 0.9.9 [xx XXX xxxx] + *) New option -V for 'openssl ciphers'. This prints the ciphersuite code + in addition to the text details. + [Bodo Moeller] + *) Very, very preliminary EXPERIMENTAL support for printing of general ASN1 structures. This currently produces rather ugly output and doesn't handle several customised structures at all. diff --git a/apps/ciphers.c b/apps/ciphers.c index f5e8700a01..aa76ae2853 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -71,7 +71,8 @@ static const char *ciphers_usage[]={ "usage: ciphers args\n", -" -v - verbose mode, a textual listing of the ciphers in SSLeay\n", +" -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", +" -V - even more verbose\n", " -ssl2 - SSL2 mode\n", " -ssl3 - SSL3 mode\n", " -tls1 - TLS1 mode\n", @@ -83,7 +84,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { int ret=1,i; - int verbose=0; + int verbose=0,Verbose=0; const char **pp; const char *p; int badops=0; @@ -121,6 +122,8 @@ int MAIN(int argc, char **argv) { if (strcmp(*argv,"-v") == 0) verbose=1; + else if (strcmp(*argv,"-V") == 0) + verbose=Verbose=1; #ifndef OPENSSL_NO_SSL2 else if (strcmp(*argv,"-ssl2") == 0) meth=SSLv2_client_method(); @@ -179,15 +182,33 @@ int MAIN(int argc, char **argv) } BIO_printf(STDout,"\n"); } - else + else /* verbose */ { sk=SSL_get_ciphers(ssl); for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { - BIO_puts(STDout,SSL_CIPHER_description( - sk_SSL_CIPHER_value(sk,i), - buf,sizeof buf)); + SSL_CIPHER *c; + + c = sk_SSL_CIPHER_value(sk,i); + + if (Verbose) + { + unsigned long id = c->id; + int id0 = (int)(id >> 24); + int id1 = (int)((id >> 16) & 0xffL); + int id2 = (int)((id >> 8) & 0xffL); + int id3 = (int)(i & 0xffL); + + if ((id & 0xff000000L) == 0x02000000L) + BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ + else if ((id & 0xff000000L) == 0x03000000L) + BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ + else + BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ + } + + BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf)); } } diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 81a2c43893..00d4cb1fd8 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -8,6 +8,7 @@ ciphers - SSL cipher display and cipher list tool. B<openssl> B<ciphers> [B<-v>] +[B<-V>] [B<-ssl2>] [B<-ssl3>] [B<-tls1>] @@ -15,7 +16,7 @@ B<openssl> B<ciphers> =head1 DESCRIPTION -The B<cipherlist> command converts OpenSSL cipher lists into ordered +The B<ciphers> command converts textual OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist. @@ -25,7 +26,7 @@ the appropriate cipherlist. =item B<-v> -verbose option. List ciphers with a complete description of +Verbose option. List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an "export" cipher. @@ -33,6 +34,10 @@ Note that without the B<-v> option, ciphers may seem to appear twice in a cipher list; this is when similar ciphers are available for SSL v2 and for SSL v3/TLS v1. +=item B<-V> + +Like B<-V>, but include cipher suite codes in output (hex format). + =item B<-ssl3> only include SSL v3 ciphers. @@ -388,7 +393,8 @@ L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)> =head1 HISTORY -The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were -added in version 0.9.7. +The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options +for cipherlist strings were added in OpenSSL 0.9.7. +The B<-V> option for the B<ciphers> command was added in OpenSSL 0.9.9. =cut |