diff --git a/libratbox/include/rb_commio.h b/libratbox/include/rb_commio.h
index f37677a44..fb83dd547 100644
--- a/libratbox/include/rb_commio.h
+++ b/libratbox/include/rb_commio.h
@@ -186,4 +186,6 @@ void rb_ssl_clear_handshake_count(rb_fde_t *F);
 int rb_pass_fd_to_process(rb_fde_t *, pid_t, rb_fde_t *);
 rb_fde_t *rb_recv_fd(rb_fde_t *);
 
+const char *rb_ssl_get_cipher(rb_fde_t *F);
+
 #endif /* INCLUDED_commio_h */
diff --git a/libratbox/src/export-syms.txt b/libratbox/src/export-syms.txt
index 0caa76875..42760d041 100644
--- a/libratbox/src/export-syms.txt
+++ b/libratbox/src/export-syms.txt
@@ -153,3 +153,4 @@ rb_getpid
 rb_waitpid
 rb_basename
 rb_dirname
+rb_ssl_get_cipher
diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c
index 77ad47ef2..a2d4c3bf8 100644
--- a/libratbox/src/gnutls.c
+++ b/libratbox/src/gnutls.c
@@ -632,5 +632,18 @@ rb_get_ssl_info(char *buf, size_t len)
 		    LIBGNUTLS_VERSION, gnutls_check_version(NULL));
 }
 
+const char *
+rb_ssl_get_cipher(rb_fde_t *F)
+{
+	static char buf[1024];
+
+	rb_snprintf(buf, sizeof(buf), "%s-%s-%s-%s",
+		gnutls_protocol_get_name(gnutls_protocol_get_version(SSL_P(F))),
+		gnutls_kx_get_name(gnutls_kx_get(SSL_P(F))),
+		gnutls_cipher_get_name(gnutls_cipher_get(SSL_P(F))),
+		gnutls_mac_get_name(gnutls_mac_get(SSL_P(F))));
+
+	return buf;
+}
 
 #endif /* HAVE_GNUTLS */
diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c
index 6a8c6b5e6..e819d983d 100644
--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -595,5 +595,12 @@ rb_get_ssl_info(char *buf, size_t len)
 		    MBEDTLS_VERSION_STRING, version_str);
 }
 
+const char *
+rb_ssl_get_cipher(rb_fde_t *F)
+{
+	if(F == NULL || F->ssl == NULL)
+		return NULL;
+	return mbedtls_ssl_get_ciphersuite(SSL_P(F));
+}
 
 #endif /* HAVE_GNUTLS */
diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index 59e4a16f8..fbdeefdff 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -745,5 +745,18 @@ rb_get_ssl_info(char *buf, size_t len)
 		    (long)OPENSSL_VERSION_NUMBER, SSLeay());
 }
 
+const char *
+rb_ssl_get_cipher(rb_fde_t *F)
+{
+	const SSL_CIPHER *sslciph;
+
+	if(F == NULL || F->ssl == NULL)
+		return NULL;
+
+	if((sslciph = SSL_get_current_cipher(F->ssl)) == NULL)
+		return NULL;
+
+	return SSL_CIPHER_get_name(sslciph);
+}
 
 #endif /* HAVE_OPESSL */