I am developing an SSL cipher scanner. This means that I specify a host and port, and my program tells me which ciphers the host accepts.
My current version works, but it is slow (about 20-30 seconds per host), because I open a new connection for each cipher.
I use the following functions (in that order):

```c
#include <openssl/ssl.h>
#include <openssl/bio.h>

/* method, host, port and cipher are set by the caller; port is a string for BIO_set_conn_port */
SSL_CTX *ssl_ctx = SSL_CTX_new(method);
BIO *bio = BIO_new_ssl_connect(ssl_ctx);
SSL *ssl = NULL;
BIO_set_conn_port(bio, port);
BIO_set_conn_hostname(bio, host);
BIO_get_ssl(bio, &ssl);               /* borrow the SSL object owned by the BIO */
SSL_set_cipher_list(ssl, cipher);     /* one cipher per connection */
BIO_do_connect(bio);                  /* TCP connect */
BIO_do_handshake(bio);                /* TLS handshake */
```
Now I tried setting the cipher list again and doing another handshake instead of reconnecting. In Wireshark I saw that it actually used the Change Cipher Spec protocol, but the server returned an encrypted alert (so I can't tell which one it is). The return values of SSL_set_cipher_list(ssl, cipher) and BIO_do_handshake(bio) are both 1, so it must be successful.
Version: OpenSSL 1.0.2h
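Why the second handshake gives you nothing to read: once a side has sent ChangeCipherSpec, every record it sends afterwards (including the alert that answers your renegotiation ClientHello) is protected with the session keys, which is exactly what Wireshark labels "Encrypted Alert". On a fresh connection, by contrast, a server that rejects the offered cipher sends its fatal handshake_failure alert in the clear, before any keys exist. The following record-layer walker illustrates that difference; it is an added example, not code from the question, and the two "captures" it consumes are constructed byte strings built with the record() helper, not real traffic. It applies to TLS 1.0 to 1.2 (OpenSSL 1.0.2h goes no higher); TLS 1.3 encrypts everything after ServerHello.

```python
import struct

# TLS record-layer content types (RFC 5246, section 6.2.1).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
    47: "illegal_parameter", 70: "protocol_version", 71: "insufficient_security",
    100: "no_renegotiation",
}


def record(content_type, body, version=(3, 3)):
    """Build one TLS record: type(1) | version(2) | length(2) | body. Used for constructed test data."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(body)) + body


def parse_records(data):
    """Split a byte stream into (content_type, body) tuples, refusing truncated records."""
    records, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        records.append((ctype, body))
        pos += 5 + length
    return records


def describe_alert(body, encrypted):
    """A plaintext alert is exactly level(1) | description(1); after CCS it is opaque ciphertext."""
    if encrypted:
        return "encrypted alert (level/description not visible on the wire)"
    if len(body) != 2:
        raise ValueError("plaintext alert must be exactly 2 bytes")
    level, desc = body
    return f"{ALERT_LEVELS.get(level, level)} {ALERT_DESCRIPTIONS.get(desc, desc)}"


def analyse(flows):
    """flows: list of (sender, bytes) in wire order, sender in {"client", "server"}.
    Returns one event string per record. Each side's records are encrypted from its own
    ChangeCipherSpec onward, so an alert answering a renegotiation is never readable."""
    sent_ccs = {"client": False, "server": False}
    events = []
    for sender, data in flows:
        for ctype, body in parse_records(data):
            enc = sent_ccs[sender]
            if ctype == CHANGE_CIPHER_SPEC:
                sent_ccs[sender] = True
                events.append(f"{sender}: change_cipher_spec")
            elif ctype == ALERT:
                events.append(f"{sender}: {describe_alert(body, enc)}")
            elif ctype == HANDSHAKE:
                events.append(f"{sender}: handshake ({'encrypted' if enc else 'plaintext'}, {len(body)} bytes)")
            else:
                events.append(f"{sender}: content type {ctype} ({len(body)} bytes)")
    return events


def cipher_verdict(flows):
    """What a scanner can conclude from one connection: 'rejected' on a plaintext fatal
    handshake_failure, 'accepted' once the server sends its ChangeCipherSpec, and
    'unknown' as soon as an encrypted server alert appears (the renegotiation case)."""
    accepted = False
    for ev in analyse(flows):
        if ev == "server: fatal handshake_failure":
            return "rejected"
        if ev == "server: change_cipher_spec":
            accepted = True
        if ev.startswith("server: encrypted alert"):
            return "unknown"
    return "accepted" if accepted else "unknown"


# Constructed samples (not real captures); handshake bodies are filler, only the record layer matters.
CLIENT_HELLO = record(HANDSHAKE, b"\x01" + b"\x00" * 40)  # handshake type 1 + dummy body
FRESH_REJECT = [                                           # new connection, cipher not accepted
    ("client", CLIENT_HELLO),
    ("server", record(ALERT, bytes([2, 40]))),             # fatal handshake_failure, in the clear
]
RENEGOTIATE = [                                            # completed handshake, then a second one
    ("client", CLIENT_HELLO),
    ("server", record(HANDSHAKE, b"\x02" + b"\x00" * 40)),  # ServerHello etc., plaintext
    ("client", record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, b"\xaa" * 40)),  # CCS + encrypted Finished
    ("server", record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, b"\xbb" * 40)),
    ("client", record(HANDSHAKE, b"\xcc" * 60)),           # renegotiation ClientHello, encrypted
    ("server", record(ALERT, b"\xdd" * 26)),               # the "Encrypted Alert" seen in Wireshark
]

if __name__ == "__main__":
    for name, flows in (("fresh connection", FRESH_REJECT), ("renegotiation", RENEGOTIATE)):
        print(name, "->", cipher_verdict(flows))
        for ev in analyse(flows):
            print("   ", ev)
```

The practical consequence for the scanner is that the per-cipher verdict is only readable on a fresh connection; the time saving has to come from running those connections concurrently (or non-blocking) rather than from reusing one.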