C++ Boost asio (OpenSSL) get cipher and TLS/SSL version of active connection

We have some SSL communication using Boost asio. Connecting and communication work fine, but now we'd like to show the actual TLS version and cipher used by the connection.

The Boost asio objects we use for the SSL connection are defined like this:

typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_socket;
boost::shared_ptr<ssl_socket>   m_psslsocket;
boost::asio::ssl::context* m_pcontext;

It looks like Boost asio doesn't really have an interface to query the connection for the cipher once it's set up.

I can get the OpenSSL SSL_CTX* pointer by calling this:

SSL_CTX* ctx = pContext->impl(); 

Or the OpenSSL SSL* by calling this:

m_psslsocket->native_handle()

But from the OpenSSL documentation I can't figure out how to get the used cipher and TLS version from this.

Billposter answered 24/8, 2016 at 14:8 Comment(2)
The cipher is available on the SSL*, not the SSL_CTX*. See SSL_CIPHER_get_name and friends. - Ogden
Yes, that seems to work, thank you. Now I just need to find out the TLS/SSL version used. - Billposter

OpenSSL documentation says:

SSL_client_version() returns the numeric protocol version advertised by the client in the legacy_version field of the ClientHello when initiating the connection. Note that, for TLS, this value will never indicate a version greater than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() returns the name of the protocol used for the connection. SSL_version() returns the numeric protocol version used for the connection. They should only be called after the initial handshake has been completed. Prior to that the results returned from these functions may be unreliable.

So the answer is:

SSL_get_version(SSL*)
Diffractive answered 17/11, 2021 at 2:56 Comment(0)
