Allow return of supported ciphers.

	{

	int ret=1,i;

	int verbose=0,Verbose=0;

	int use_supported = 0;

#ifndef OPENSSL_NO_SSL_TRACE

	int stdname = 0;

#endif

			verbose=1;

		else if (strcmp(*argv,"-V") == 0)

			verbose=Verbose=1;

		else if (strcmp(*argv,"-s") == 0)

			use_supported = 1;

#ifndef OPENSSL_NO_SSL_TRACE

		else if (strcmp(*argv,"-stdname") == 0)

			stdname=verbose=1;

	ssl=SSL_new(ctx);

	if (ssl == NULL) goto err;

	if (use_supported)

		sk=SSL_get1_supported_ciphers(ssl);

	else

		sk=SSL_get_ciphers(ssl);

	if (!verbose)

		{

		for (i=0; ; i++)

		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)

			{

			p=SSL_get_cipher_list(ssl,i);

			SSL_CIPHER *c = sk_SSL_CIPHER_value(sk,i);

			p = SSL_CIPHER_get_name(c);

			if (p == NULL) break;

			if (i != 0) BIO_printf(STDout,":");

			BIO_printf(STDout,"%s",p);

		}

	else /* verbose */

		{

		sk=SSL_get_ciphers(ssl);

		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)

			{

		ERR_print_errors(bio_err);

		}

end:

	if (use_supported && sk)

		sk_SSL_CIPHER_free(sk);

	if (ctx != NULL) SSL_CTX_free(ctx);

	if (ssl != NULL) SSL_free(ssl);

	if (STDout != NULL) BIO_free_all(STDout);

	/* If it is a disabled cipher we didn't send it in client hello,

	 * so return an error.

	 */

	if (c->algorithm_ssl & ct->mask_ssl ||

		c->algorithm_mkey & ct->mask_k ||

		c->algorithm_auth & ct->mask_a)

	if (ssl_cipher_disabled(s, c))

		{

		al=SSL_AD_ILLEGAL_PARAMETER;

		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);

const SSL_METHOD *DTLS_client_method(void);	/* DTLS 1.0 and 1.2 */

STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);

STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);

int SSL_do_handshake(SSL *s);

int SSL_renegotiate(SSL *s);

	return(NULL);

	}

STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)

	{

	STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;

	int i;

	ciphers = SSL_get_ciphers(s);

	if (!ciphers)

		return NULL;

	ssl_set_client_disabled(s);

	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++)

		{

		const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);

		if (!ssl_cipher_disabled(s, c))

			{

			if (!sk)

				sk = sk_SSL_CIPHER_new_null();

			if (!sk)

				return NULL;

			if (!sk_SSL_CIPHER_push(sk, c))

				{

				sk_SSL_CIPHER_free(sk);

				return NULL;

				}

			}

		}

	return sk;

	}

/** return a STACK of the ciphers available for the SSL and in order of

 * algorithm id */

STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)

	{

	int i,j=0;

	SSL_CIPHER *c;

	CERT *ct = s->cert;

	unsigned char *q;

	int no_scsv = s->renegotiate;

	/* Set disabled masks for this session */

		{

		c=sk_SSL_CIPHER_value(sk,i);

		/* Skip disabled ciphers */

		if (c->algorithm_ssl & ct->mask_ssl ||

			c->algorithm_mkey & ct->mask_k ||

			c->algorithm_auth & ct->mask_a)

		if (ssl_cipher_disabled(s, c))

			continue;

#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL

		if (c->id == SSL3_CK_SCSV)

int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s,

				const unsigned char *sig, EVP_PKEY *pkey);

void ssl_set_client_disabled(SSL *s);

int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c);

int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);

int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);