Enumerating the Supported Protocols

The supported protocols and cipher suites can be determined by calling CryptGetProvParam with PP_ENUMALGS_EX. This works in a manner similar to the use of PP_ENUMALGS, but returns the following structure instead of the more limited one returned when using PP_ENUMALGS.

// protocol flags
#define CRYPT_FLAG_PCT1         0x0001
#define CRYPT_FLAG_SSL2         0x0002
#define CRYPT_FLAG_SSL3         0x0004
#define CRYPT_FLAG_TLS1         0x0008

typedef struct _PROV_ENUMALGS_EX 
{
    ALG_ID    aiAlgid;
    DWORD     dwDefaultLen;
    DWORD     dwMinLen;
    DWORD     dwMaxLen;
    DWORD     dwProtocols;
    DWORD     dwNameLen;
    CHAR      szName[20];
    DWORD     dwLongNameLen;
    CHAR      szLongName[40];
} PROV_ENUMALGS_EX;
 

The following table shows the algorithm list that might be returned by a typical (domestic) PROV_RSA_SCHANNEL CSP. Notice that neither SSL2 SHA MACs nor SSL2 DES encryption is supported by the CSP in this example.

Algid          Min  Max   Protocols  Name
CALG_RSA_KEYX  512  2048  0x0007     "RSA_KEYX"
CALG_MD5       128  128   0x0007     "MD5"
CALG_SHA       160  160   0x0005     "SHA"
CALG_RC4       40   128   0x0007     "RC4"
CALG_DES       56   56    0x0005     "DES"

Before sending a ClientHello or ServerHello message, the protocol engine will enumerate all of the algorithms and key sizes supported by the CSP and internally build a list of supported cipher suites.
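The following is an added example, not code from the original page or from the CSP. It shows how the dwProtocols masks in the table above limit what can be offered per protocol, and how a minimum key length policy narrows that further. Assumptions: the alg_t type, the helper names and the "one key exchange, one cipher, one MAC" suite model are this example's simplification; the sample rows are constructed from the table, with ALG_ID values as in wincrypt.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Protocol flags from the page. */
#define CRYPT_FLAG_PCT1 0x0001
#define CRYPT_FLAG_SSL2 0x0002
#define CRYPT_FLAG_SSL3 0x0004
#define CRYPT_FLAG_TLS1 0x0008

/* ALG_ID class bits (bits 13-15), laid out as in wincrypt.h; macro names are this example's. */
#define ALG_CLASS(x)  ((x) & (7u << 13))
#define CLASS_ENCRYPT (3u << 13)
#define CLASS_HASH    (4u << 13)
#define CLASS_KEYX    (5u << 13)

/* Portable stand-in for the PROV_ENUMALGS_EX fields used here (hypothetical type). */
typedef struct { uint32_t algid, min_len, max_len, protocols; const char *name; } alg_t;

/* Constructed sample: the rows of the table on this page. */
static const alg_t SAMPLE[] = {
    {0xa400, 512, 2048, 0x0007, "RSA_KEYX"},
    {0x8003, 128,  128, 0x0007, "MD5"},
    {0x8004, 160,  160, 0x0005, "SHA"},
    {0x6801,  40,  128, 0x0007, "RC4"},
    {0x6601,  56,   56, 0x0005, "DES"},
};
enum { SAMPLE_N = sizeof SAMPLE / sizeof SAMPLE[0] };

/* Count algorithms of one class that carry the protocol flag and whose
   minimum key length is at least min_bits (0 means no floor). */
int count_class(const alg_t *a, int n, uint32_t cls, uint32_t proto, uint32_t min_bits) {
    int c = 0;
    for (int i = 0; i < n; i++)
        if (ALG_CLASS(a[i].algid) == cls && (a[i].protocols & proto)
            && a[i].min_len >= min_bits) c++;
    return c;
}

/* Simplified model: a suite needs key exchange + cipher + MAC, all flagged
   for the protocol; min_cipher_bits applies a policy floor to the cipher. */
int suite_count(const alg_t *a, int n, uint32_t proto, uint32_t min_cipher_bits) {
    return count_class(a, n, CLASS_KEYX, proto, 0)
         * count_class(a, n, CLASS_ENCRYPT, proto, min_cipher_bits)
         * count_class(a, n, CLASS_HASH, proto, 0);
}

int main(void) {
    printf("SSL2 combinations: %d\n", suite_count(SAMPLE, SAMPLE_N, CRYPT_FLAG_SSL2, 0));
    printf("SSL3 combinations: %d\n", suite_count(SAMPLE, SAMPLE_N, CRYPT_FLAG_SSL3, 0));
    return 0;
}
```

Because RC4 reports a minimum of 40 bits, a policy floor above 56 bits leaves no cipher at all for this sample CSP, which is the kind of result an audit of the enumeration output should surface.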