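/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* This program demonstrates the use of SSL_GetCipherSuiteInfo to avoid
 * all compiled-in knowledge of SSL cipher suites.
 *
 * Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6
 */

#include <errno.h>
#include <stdio.h>
#include "nss.h"
#include "secport.h"
#include "secutil.h"
#include "ssl.h"

/*
 * Lists every cipher suite implemented by libSSL together with its default
 * enabled/disabled state once the algorithm policy has been applied.
 *
 * For each suite two lines are written to stdout: the suite name, then a
 * detail line with the suite number, KEA, authentication algorithm,
 * symmetric cipher, effective key bits, MAC, Enabled/Disabled, and the
 * FIPS / nonStandard flags. Diagnostics go to stderr.
 *
 * Command-line arguments are ignored.
 *
 * Returns the number of errors encountered (0 on success); this becomes
 * the process exit status, so a non-zero status means at least one suite
 * could not be queried or NSS could not be set up / torn down.
 */
int
main(int argc, char **argv)
{
    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
    int i;
    int errCount = 0;
    SECStatus rv;
    PRErrorCode err;
    char *certDir = NULL;

    (void)argc;
    (void)argv;

    /* load policy from $SSL_DIR/pkcs11.txt, for testing */
    certDir = SECU_DefaultSSLDir();
    if (certDir) {
        rv = NSS_Init(certDir);
    } else {
        rv = NSS_NoDB_Init(NULL);
    }
    if (rv != SECSuccess) {
        err = PR_GetError();
        ++errCount;
        fprintf(stderr, "NSS_Init failed: %s\n", PORT_ErrorToString(err));
        /* NSS never came up, so do not jump to the NSS_Shutdown path:
         * shutting down an uninitialised library fails with
         * SEC_ERROR_NOT_INITIALIZED and would be reported and counted as
         * a second, spurious error. */
        return errCount;
    }

    /* apply policy */
    rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);
    if (rv != SECSuccess) {
        err = PR_GetError();
        ++errCount;
        fprintf(stderr, "NSS_SetAlgorithmPolicy failed: %s\n",
                PORT_ErrorToString(err));
        goto out;
    }

    /* update the default cipher suites according to the policy */
    rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
    if (rv != SECSuccess) {
        err = PR_GetError();
        ++errCount;
        fprintf(stderr, "SSL_OptionSetDefault failed: %s\n",
                PORT_ErrorToString(err));
        goto out;
    }

    fputs("This version of libSSL supports these cipher suites:\n\n", stdout);

    /* query and print every implemented cipher suite; a suite that cannot
     * be queried is reported, counted, and skipped rather than aborting
     * the listing */
    for (i = 0; i < SSL_NumImplementedCiphers; i++) {
        PRUint16 suite = cipherSuites[i];
        PRBool enabled;
        SSLCipherSuiteInfo info;

        /* "enabled" is the default preference after policy was applied */
        rv = SSL_CipherPrefGetDefault(suite, &enabled);
        if (rv != SECSuccess) {
            err = PR_GetError();
            ++errCount;
            fprintf(stderr,
                    "SSL_CipherPrefGetDefault didn't like value 0x%04x (i = %d): %s\n",
                    suite, i, PORT_ErrorToString(err));
            continue;
        }
        /* the size argument lets libSSL fill only the part of the struct
         * this binary was compiled against */
        rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info));
        if (rv != SECSuccess) {
            err = PR_GetError();
            ++errCount;
            fprintf(stderr,
                    "SSL_GetCipherSuiteInfo didn't like value 0x%04x (i = %d): %s\n",
                    suite, i, PORT_ErrorToString(err));
            continue;
        }
        fprintf(stdout,
                "%s:\n" /* up to 37 spaces */
                "  0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s Domestic %-11s\n",
                info.cipherSuiteName, info.cipherSuite,
                info.keaTypeName, info.authAlgorithmName, info.symCipherName,
                info.effectiveKeyBits, info.macAlgorithmName,
                enabled ? "Enabled" : "Disabled",
                info.isFIPS ? "FIPS" : "",
                info.nonStandard ? "nonStandard" : "");
    }

out:
    /* reached only after a successful NSS_Init, so a shutdown failure here
     * is a genuine error */
    rv = NSS_Shutdown();
    if (rv != SECSuccess) {
        err = PR_GetError();
        ++errCount;
        fprintf(stderr, "NSS_Shutdown failed: %s\n", PORT_ErrorToString(err));
    }

    return errCount;
}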