
Is there a pyOpenSSL wrapper for SSL_get_current_cipher?


That is, a way to get the actual cipher suite in use for a connection? get_cipher_list seems to return the "possible" cipher suites that the client (or server) supports.


Solution

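  • from OpenSSL._util import (
        ffi as _ffi,
        lib as _lib)

    ...

    # SSL_get_current_cipher() returns the cipher negotiated for this connection
    c_cipher_obj = _lib.SSL_get_current_cipher(con._ssl)
    # SSL_CIPHER_get_name() returns a C string; _ffi.string() copies it out as bytes
    cur_cipher = _ffi.string(_lib.SSL_CIPHER_get_name(c_cipher_obj))

    where 'con' is your OpenSSL.SSL.Connection object that has already been used to connect to a server or to do a handshake.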

    I don't know why pyOpenSSL developers didn't add this method. M2Crypto does have it.
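
An added example, not part of the original answer: it completes a TLS handshake between two in-memory pyOpenSSL connections and returns the client's offered list next to the cipher actually negotiated, using the public `Connection.get_cipher_name()` (pyOpenSSL 0.15 and later) instead of the private `OpenSSL._util` bindings. The self-signed certificate, the name `demo.invalid` and the helper names are constructed for the demo.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
from OpenSSL import SSL, crypto

def throwaway_identity():
    """Constructed self-signed key/cert so the handshake runs offline."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "demo.invalid")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    return crypto.PKey.from_cryptography_key(key), crypto.X509.from_cryptography(cert)

def step(conn, peer):
    """Advance conn's handshake, then hand its pending records to peer."""
    try:
        conn.do_handshake()
        done = True
    except SSL.WantReadError:
        done = False  # waiting for the peer's next flight
    try:
        peer.bio_write(conn.bio_read(65536))
    except SSL.WantReadError:
        pass  # nothing queued for the peer
    return done

def negotiated_vs_offered():
    """Return (client's offered list, client's negotiated, server's negotiated)."""
    pkey, cert = throwaway_identity()
    server_ctx = SSL.Context(SSL.TLS_METHOD)
    server_ctx.use_privatekey(pkey)
    server_ctx.use_certificate(cert)
    client_ctx = SSL.Context(SSL.TLS_METHOD)  # peer verification off: demo only
    server = SSL.Connection(server_ctx, None)  # None socket = memory BIOs
    client = SSL.Connection(client_ctx, None)
    server.set_accept_state()
    client.set_connect_state()
    client_done = server_done = False
    while not (client_done and server_done):
        client_done = step(client, server)
        server_done = step(server, client)
    return client.get_cipher_list(), client.get_cipher_name(), server.get_cipher_name()
```

When auditing a connection against a cipher policy, check the value from `get_cipher_name()`; the list from `get_cipher_list()` only shows what the endpoint was willing to accept.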