Is there a pyOpenSSL wrapper for SSL_get_current_cipher?

Question

that is a way to get the actual cipher suite in use for a connection? get_cipher_list seems to return the "possible" cipher suite, that the client (or server) support.

Answer 1

from OpenSSL._util import (
ffi as _ffi,
lib as _lib)

...

c_cipher_obj = _lib.SSL_get_current_cipher(con._ssl)
cur_cipher = _ffi.string( _lib.SSL_CIPHER_get_name(c_cipher_obj))

where 'con' is your OpenSSL.SSL.Connection object that has been already used to connect to a server or to do a handshake.

I don't know why pyOpenSSL developers didn't add this method. M2Crypto does have it.

Answer 2

master@HEAD has introduced OpenSSL.SSL.Connection.get_cipher_name. and OpenSSL.SSL.Connection.get_cipher_bits. These will be available in pyOpenSSL 0.15.