The supported protocols and cipher suites can be determined by calling CryptGetProvParam with PP_ENUMALGS_EX. This works in a manner similar to the use of PP_ENUMALGS, but returns the following structure instead of the more limited one returned when using PP_ENUMALGS.
```c
// protocol flags
#define CRYPT_FLAG_SSL3 0x0004
#define CRYPT_FLAG_TLS1 0x0008

typedef struct _PROV_ENUMALGS_EX
{
    ALG_ID aiAlgid;
    DWORD  dwDefaultLen;
    DWORD  dwMinLen;
    DWORD  dwMaxLen;
    DWORD  dwProtocols;
    DWORD  dwNameLen;
    CHAR   szName[20];
    DWORD  dwLongNameLen;
    CHAR   szLongName[40];
} PROV_ENUMALGS_EX;
```
The following table shows the algorithm list that might be returned by a typical (domestic) PROV_DH_SCHANNEL CSP.
Algid | Min | Max | Protocols | Name |
---|---|---|---|---|
CALG_DH_EPHEM | 512 | 2048 | 0x000C | "DH_KEYX" |
CALG_MD5 | 128 | 128 | 0x000C | "MD5" |
CALG_SHA | 160 | 160 | 0x000C | "SHA" |
CALG_RC4 | 40 | 128 | 0x000C | "RC4" |
CALG_DES | 56 | 56 | 0x000C | "DES" |
Before sending a ClientHello or ServerHello message, the protocol engine enumerates all of the algorithms and key sizes supported by the CSP and internally builds a list of supported cipher suites.
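Because the suite list is built from every key size the CSP reports, the enumerated entries are worth auditing before the provider is used for Schannel. The following is an added example, not code from the original page or from Microsoft: it classifies the table rows above by protocol flag and minimum length. The stand-in typedefs, the `ALG_ENTRY` subset struct, `classify`, and the per-class floors are assumptions of this example; on Windows the entries would come from the `PP_ENUMALGS_EX` enumeration described above.

```c
#include <stdio.h>

/* Portable stand-ins for wincrypt.h so the audit builds off Windows. */
typedef unsigned int ALG_ID, DWORD;
#define CRYPT_FLAG_SSL3 0x0004
#define CRYPT_FLAG_TLS1 0x0008
#define ALG_CLASS_MASK         (7u << 13) /* bits GET_ALG_CLASS() keeps */
#define ALG_CLASS_DATA_ENCRYPT (3u << 13)
#define ALG_CLASS_HASH         (4u << 13)
#define ALG_CLASS_KEY_EXCHANGE (5u << 13)

typedef struct { /* hypothetical subset of PROV_ENUMALGS_EX read by the audit */
    ALG_ID aiAlgid; DWORD dwMinLen, dwMaxLen, dwProtocols; const char *szName;
} ALG_ENTRY;

/* Rows of the table above, with the wincrypt.h ALG_ID values filled in. */
static const ALG_ENTRY sample[] = {
    {0xaa02, 512, 2048, 0x000C, "DH_KEYX"}, /* CALG_DH_EPHEM */
    {0x8003, 128,  128, 0x000C, "MD5"},     /* CALG_MD5 */
    {0x8004, 160,  160, 0x000C, "SHA"},     /* CALG_SHA */
    {0x6801,  40,  128, 0x000C, "RC4"},     /* CALG_RC4 */
    {0x6601,  56,   56, 0x000C, "DES"},     /* CALG_DES */
};

enum verdict { V_OK, V_RAISE_MIN, V_BELOW_FLOOR };

/* Assumed policy floors in bits per algorithm class (not from the page).
   They judge length only, not the strength of the algorithm itself. */
static DWORD floor_bits(ALG_ID id) {
    switch (id & ALG_CLASS_MASK) {
    case ALG_CLASS_DATA_ENCRYPT: return 128;
    case ALG_CLASS_HASH:         return 160;
    case ALG_CLASS_KEY_EXCHANGE: return 2048;
    default:                     return 0;
    }
}

/* An entry is a finding when it is flagged for `proto` and its minimum is
   below the floor; the maximum tells whether raising the minimum can fix it. */
enum verdict classify(const ALG_ENTRY *e, DWORD proto) {
    DWORD need = floor_bits(e->aiAlgid);
    if (!(e->dwProtocols & proto) || e->dwMinLen >= need) return V_OK;
    return e->dwMaxLen >= need ? V_RAISE_MIN : V_BELOW_FLOOR;
}

int main(void) {
    static const char *label[] = {"ok", "raise minimum", "below floor"};
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        const ALG_ENTRY *e = &sample[i];
        printf("%-8s %u-%u bits: %s\n", e->szName, e->dwMinLen, e->dwMaxLen,
               label[classify(e, CRYPT_FLAG_TLS1)]);
    }
    return 0;
}
```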