Allow return of supported ciphers.

New function ssl_cipher_disabled. Check for disabled client ciphers using ssl_cipher_disabled. New function to return only supported ciphers. New option to ciphers utility to print only supported ciphers.
author: Dr. Stephen Henson <steve@openssl.org> 2014-01-14 14:55:21 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2014-03-28 14:49:04 +0000
commit: 8b8e5bed233a2d8106296c8e460be252719e0fdd (patch)
tree: 17c745e4653e36d5039a9f601d923e32803c9439 /ssl/t1_lib.c
parent: 09599b52d4e295c380512ba39958a11994d63401 (diff)
download: openssl-8b8e5bed233a2d8106296c8e460be252719e0fdd.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c9e489898a..37cc6f6abf 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1093,6 +1093,14 @@ void ssl_set_client_disabled(SSL *s)
 	c->valid = 1;
 	}
 
+int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c)
+	{
+	CERT *ct = s->cert;
+	if (c->algorithm_ssl & ct->mask_ssl || c->algorithm_mkey & ct->mask_k || c->algorithm_auth & ct->mask_a)
+		return 1;
+	return 0;
+	}
+
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit, int *al)
 	{
 	int extdatalen=0;
author	Dr. Stephen Henson <steve@openssl.org>	2014-01-14 14:55:21 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2014-03-28 14:49:04 +0000
commit	8b8e5bed233a2d8106296c8e460be252719e0fdd (patch)
tree	17c745e4653e36d5039a9f601d923e32803c9439 /ssl/t1_lib.c
parent	09599b52d4e295c380512ba39958a11994d63401 (diff)
download	openssl-8b8e5bed233a2d8106296c8e460be252719e0fdd.tar.gz