Is there a pyOpenSSL wrapper for SSL_get_current_cipher?

Question

that is a way to get the actual cipher suite in use for a connection? get_cipher_list seems to return the "possible" cipher suite, that the client (or server) support.

Now when this case is resolved for TCP, probably somebody can help me with the same problem in DTLS. I've just posted a new question about it here: http://stackoverflow.com/questions/23583508/how-to-get-current-cipher-in-pyopenssl-for-dtls — Oleg Gryb, May 10 '14 at 16:27

score 1 · Accepted Answer · answered May 03 '14 at 04:18

from OpenSSL._util import (
ffi as _ffi,
lib as _lib)

...

c_cipher_obj = _lib.SSL_get_current_cipher(con._ssl)
cur_cipher = _ffi.string( _lib.SSL_CIPHER_get_name(c_cipher_obj))

where 'con' is your OpenSSL.SSL.Connection object that has been already used to connect to a server or to do a handshake.

I don't know why pyOpenSSL developers didn't add this method. M2Crypto does have it.

score 1 · Answer 2 · answered Jun 02 '14 at 17:07

1

master@HEAD has introduced OpenSSL.SSL.Connection.get_cipher_name. and OpenSSL.SSL.Connection.get_cipher_bits. These will be available in pyOpenSSL 0.15.

answered Jun 02 '14 at 17:07

Jean-Paul Calderone

47,755
6
94
122

Is there a pyOpenSSL wrapper for SSL_get_current_cipher?

2 Answers2