Get the actually used cipher name,bits,version of the established
connection.
get_cipher_name, get_cipher_bits, get_cipher_version methods are
wrappers for SSL_get_cipher_name, SSL_get_cipher_bits,
SSL_get_cipher_version
https://www.openssl.org/docs/ssl/SSL_get_current_cipher.html
https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 67e4c82..7e2066c 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -1417,6 +1417,44 @@
if not result:
_raise_current_error()
+ def get_cipher_name(self):
+ """
+ Obtain the name of the currently used cipher.
+ :returns: The name of the currently used cipher or :py:obj:`None`
+ if no connection has been established.
+ """
+ cipher = _lib.SSL_get_current_cipher(self._ssl)
+ if cipher == _ffi.NULL:
+ return None
+ else:
+ return _native(_ffi.string(_lib.SSL_CIPHER_get_name(cipher)))
+
+ def get_cipher_bits(self):
+ """
+ Obtain the number of secret bits of the currently used cipher.
+ :returns: The number of secret bits of the currently used cipher
+ or :py:obj:`None` if no connection has been established.
+ """
+ cipher = _lib.SSL_get_current_cipher(self._ssl)
+ if cipher == _ffi.NULL:
+ return None
+ else:
+ return _lib.SSL_CIPHER_get_bits(cipher, _ffi.NULL)
+
+ def get_cipher_version(self):
+ """
+ Obtain the protocol name of the currently used cipher.
+ :returns: The protocol name of the currently used cipher
+ or :py:obj:`None` if no connection has been established.
+ """
+ cipher = _lib.SSL_get_current_cipher(self._ssl)
+ if cipher == _ffi.NULL:
+ return None
+ else:
+ return _native(_ffi.string(_lib.SSL_CIPHER_get_version(cipher)))
+
+
+
ConnectionType = Connection
# This is similar to the initialization calls at the end of OpenSSL/crypto.py
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index a6f0127..983dc96 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -1932,7 +1932,62 @@
# XXX want_read
+ def test_get_cipher_name(self):
+ """
+ :py:obj:`Connection.get_cipher_name` returns the name of the currently
+ used cipher or :py:obj:`None` if no connection has been established.
+ """
+ # if connection is not established Connection.cipher returns None.
+ ctx = Context(TLSv1_METHOD)
+ conn = Connection(ctx, None)
+ self.assertEqual(conn.get_cipher_name(), None)
+ server, client = self._loopback()
+ server_cipher_name, client_cipher_name = \
+ server.get_cipher_name(), client.get_cipher_name()
+
+ self.assertTrue(isinstance(server_cipher_name, str))
+ self.assertTrue(isinstance(client_cipher_name, str))
+
+ self.assertEqual(server_cipher_name, client_cipher_name)
+
+ def test_get_cipher_version(self):
+ """
+ :py:obj:`Connection.get_cipher_version` returns the protocol name of the currently
+ used cipher or :py:obj:`None` if no connection has been established.
+ """
+ # if connection is not established Connection.cipher returns None.
+ ctx = Context(TLSv1_METHOD)
+ conn = Connection(ctx, None)
+ self.assertEqual(conn.get_cipher_version(), None)
+
+ server, client = self._loopback()
+ server_cipher_version, client_cipher_version = \
+ server.get_cipher_version(), client.get_cipher_version()
+
+ self.assertTrue(isinstance(server_cipher_version, str))
+ self.assertTrue(isinstance(client_cipher_version, str))
+
+ self.assertEqual(server_cipher_version, client_cipher_version)
+
+ def test_get_cipher_bits(self):
+ """
+ :py:obj:`Connection.get_cipher_bits` returns the number of secret bits of the currently
+ used cipher or :py:obj:`None` if no connection has been established.
+ """
+ # if connection is not established Connection.cipher returns None.
+ ctx = Context(TLSv1_METHOD)
+ conn = Connection(ctx, None)
+ self.assertEqual(conn.get_cipher_bits(), None)
+
+ server, client = self._loopback()
+ server_cipher_bits, client_cipher_bits = \
+ server.get_cipher_bits(), client.get_cipher_bits()
+
+ self.assertTrue(isinstance(server_cipher_bits, int))
+ self.assertTrue(isinstance(client_cipher_bits, int))
+
+ self.assertEqual(server_cipher_bits, client_cipher_bits)
class ConnectionGetCipherListTests(TestCase):
"""