The supported protocols and cipher suites can be determined by calling CryptGetProvParam with PP_ENUMALGS_EX. This works in a manner similar to the use of PP_ENUMALGS, but returns the following structure instead of the more limited one returned when using PP_ENUMALGS.
```c
// protocol flags
#define CRYPT_FLAG_PCT1 0x0001
#define CRYPT_FLAG_SSL2 0x0002
#define CRYPT_FLAG_SSL3 0x0004
#define CRYPT_FLAG_TLS1 0x0008

typedef struct _PROV_ENUMALGS_EX
{
    ALG_ID aiAlgid;
    DWORD  dwDefaultLen;
    DWORD  dwMinLen;
    DWORD  dwMaxLen;
    DWORD  dwProtocols;
    DWORD  dwNameLen;
    CHAR   szName[20];
    DWORD  dwLongNameLen;
    CHAR   szLongName[40];
} PROV_ENUMALGS_EX;
```
The following table shows the algorithm list that might be returned by a typical (domestic) PROV_RSA_SCHANNEL CSP. Notice that neither SSL2 SHA MACs nor SSL2 DES encryption is supported by the CSP in this example.
Algid | Min | Max | Protocols | Name |
---|---|---|---|---|
CALG_RSA_KEYX | 512 | 2048 | 0x0007 | "RSA_KEYX" |
CALG_MD5 | 128 | 128 | 0x0007 | "MD5" |
CALG_SHA | 160 | 160 | 0x0005 | "SHA" |
CALG_RC4 | 40 | 128 | 0x0007 | "RC4" |
CALG_DES | 56 | 56 | 0x0005 | "DES" |
Before sending a ClientHello or ServerHello message, the protocol engine will enumerate all of the algorithms and key sizes supported by the CSP and internally build a list of supported cipher suites.
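
The following added example (not part of the original documentation) decodes the Protocols column of the table above the way an audit of a CSP's enumeration output would, confirming that SHA and DES are not flagged for SSL2 and reporting the smallest cipher key length flagged for each protocol. The `alg_row` type and both function names are hypothetical, and the flag and class macros are stand-ins so the code builds without `<wincrypt.h>`.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins so this builds without <wincrypt.h>; values match that header. */
#define CRYPT_FLAG_PCT1 0x0001
#define CRYPT_FLAG_SSL2 0x0002
#define CRYPT_FLAG_SSL3 0x0004
#define CRYPT_FLAG_TLS1 0x0008
#define ALG_CLASS(id)      ((id) & (7u << 13))  /* what GET_ALG_CLASS computes */
#define CLASS_DATA_ENCRYPT (3u << 13)           /* ALG_CLASS_DATA_ENCRYPT */

/* Hypothetical row type carrying only the columns of the table above. */
struct alg_row { uint32_t algid, min_len, max_len, protocols; const char *name; };

/* The table's rows; algid values are the wincrypt.h CALG_* constants. */
static const struct alg_row rows[] = {
    { 0xa400, 512, 2048, 0x0007, "RSA_KEYX" },
    { 0x8003, 128,  128, 0x0007, "MD5" },
    { 0x8004, 160,  160, 0x0005, "SHA" },
    { 0x6801,  40,  128, 0x0007, "RC4" },
    { 0x6601,  56,   56, 0x0005, "DES" },
};
#define N_ROWS (sizeof rows / sizeof rows[0])

/* 1 if the named algorithm is flagged for the protocol, else 0. */
static int alg_allowed(const char *name, uint32_t proto_flag)
{
    for (size_t i = 0; i < N_ROWS; i++)
        if (strcmp(rows[i].name, name) == 0)
            return (rows[i].protocols & proto_flag) != 0;
    return 0;
}

/* Smallest minimum key length (bits) among ciphers flagged for the protocol; 0 if none. */
static uint32_t weakest_cipher_bits(uint32_t proto_flag)
{
    uint32_t weakest = 0;
    for (size_t i = 0; i < N_ROWS; i++) {
        if (!(rows[i].protocols & proto_flag)) continue;
        if (ALG_CLASS(rows[i].algid) != CLASS_DATA_ENCRYPT) continue;
        if (weakest == 0 || rows[i].min_len < weakest) weakest = rows[i].min_len;
    }
    return weakest;
}

int main(void)
{
    printf("SSL2: SHA=%d DES=%d weakest cipher=%u bits\n",
           alg_allowed("SHA", CRYPT_FLAG_SSL2), alg_allowed("DES", CRYPT_FLAG_SSL2),
           (unsigned)weakest_cipher_bits(CRYPT_FLAG_SSL2));
    return 0;
}
```

None of the rows in the table carries `CRYPT_FLAG_TLS1`, so the same check against that flag reports no usable cipher.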