1=pod 2 3=head1 NAME 4 5SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties 6 7=head1 SYNOPSIS 8 9 #include <openssl/ssl.h> 10 11 const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); 12 int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); 13 char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); 14 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); 15 16=head1 DESCRIPTION 17 18SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the 19argument is the NULL pointer, a pointer to the constant value "NONE" is 20returned. 21 22SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>. If 23B<alg_bits> is not NULL, it contains the number of bits processed by the 24chosen algorithm. If B<cipher> is NULL, 0 is returned. 25 26SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol 27version that first defined the cipher. 28This is currently B<SSLv2> or B<TLSv1/SSLv3>. 29In some cases it should possibly return "TLSv1.2" but does not; 30use SSL_CIPHER_description() instead. 31If B<cipher> is NULL, "(NONE)" is returned. 32 33SSL_CIPHER_description() returns a textual description of the cipher used 34into the buffer B<buf> of length B<len> provided. B<len> must be at least 35128 bytes, otherwise a pointer to the string "Buffer too small" is 36returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using 37OPENSSL_malloc(). If the allocation fails, a pointer to the string 38"OPENSSL_malloc Error" is returned. 39 40=head1 NOTES 41 42The number of bits processed can be different from the secret bits. An 43export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm 44does use the full 128 bits (which would be returned for B<alg_bits>), of 45which however 88bits are fixed. The search space is hence only 40 bits. 46 47The string returned by SSL_CIPHER_description() in case of success consists 48of cleartext information separated by one or more blanks in the following 49sequence: 50 51=over 4 52 53=item <ciphername> 54 55Textual representation of the cipher name. 56 57=item <protocol version> 58 59Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are 60flagged with SSLv3. No new ciphers were added by TLSv1.1. 61 62=item Kx=<key exchange> 63 64Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or 65B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>), 66B<DH/RSA>, B<DH/DSS>, B<Fortezza>. 67 68=item Au=<authentication> 69 70Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the 71representation of anonymous ciphers. 72 73=item Enc=<symmetric encryption method> 74 75Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>, 76B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>, 77B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>. 78 79=item Mac=<message authentication code> 80 81Message digest: B<MD5>, B<SHA1>. 82 83=item <export flag> 84 85If the cipher is flagged exportable with respect to old US crypto 86regulations, the word "B<export>" is printed. 87 88=back 89 90=head1 EXAMPLES 91 92Some examples for the output of SSL_CIPHER_description(): 93 94 EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 95 EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 96 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 97 EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export 98 99A comp[lete list can be retrieved by invoking the following command: 100 101 openssl ciphers -v ALL 102 103=head1 BUGS 104 105If SSL_CIPHER_description() is called with B<cipher> being NULL, the 106library crashes. 107 108If SSL_CIPHER_description() cannot handle a built-in cipher, the according 109description of the cipher property is B<unknown>. This case should not 110occur. 111 112=head1 RETURN VALUES 113 114See DESCRIPTION 115 116=head1 SEE ALSO 117 118L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>, 119L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)> 120 121=cut 122