=pod

=head1 NAME

SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
 int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
 char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);

=head1 DESCRIPTION

SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
argument is the NULL pointer, a pointer to the constant value "NONE" is
returned.

SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>. If
B<alg_bits> is not NULL, it contains the number of bits processed by the
chosen algorithm. If B<cipher> is NULL, 0 is returned.

SSL_CIPHER_get_version() returns a string which indicates the SSL/TLS protocol
version that first defined the cipher.
This is currently B<SSLv2> or B<TLSv1/SSLv3>.
In some cases it should possibly return "TLSv1.2" but does not;
use SSL_CIPHER_description() instead.
If B<cipher> is NULL, "(NONE)" is returned.

SSL_CIPHER_description() returns a textual description of the cipher,
written into the buffer B<buf> of length B<size> provided. B<size> must be at
least 128 bytes, otherwise a pointer to the string "Buffer too small" is
returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
OPENSSL_malloc(). If the allocation fails, a pointer to the string
"OPENSSL_malloc Error" is returned.

=head1 NOTES

The number of bits processed can be different from the secret bits. An
export cipher such as EXP-RC4-MD5 has only 40 secret bits. The algorithm
does use the full 128 bits (which would be returned for B<alg_bits>), of
which however 88 bits are fixed. The search space is hence only 40 bits.

The string returned by SSL_CIPHER_description() in case of success consists
of cleartext information separated by one or more blanks in the following
sequence:

=over 4

=item <ciphername>

Textual representation of the cipher name.

=item <protocol version>

Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
flagged with SSLv3. No new ciphers were added by TLSv1.1.

=item Kx=<key exchange>

Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or
B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>),
B<DH/RSA>, B<DH/DSS>, B<Fortezza>.

=item Au=<authentication>

Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the
representation of anonymous ciphers.

=item Enc=<symmetric encryption method>

Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>,
B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>,
B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>.

=item Mac=<message authentication code>

Message digest: B<MD5>, B<SHA1>.

=item <export flag>

If the cipher is flagged exportable with respect to old US crypto
regulations, the word "B<export>" is printed.

=back

=head1 EXAMPLES

Some examples for the output of SSL_CIPHER_description():

 EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
 EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
 RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
 EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

A complete list can be retrieved by invoking the following command:

 openssl ciphers -v ALL

=head1 BUGS

If SSL_CIPHER_description() is called with B<cipher> being NULL, the
library crashes.

If SSL_CIPHER_description() cannot handle a built-in cipher, the
description of the corresponding cipher property is B<unknown>. This case
should not occur.
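
The following added example (not part of OpenSSL or of the original manual page) parses the description format listed under NOTES and flags export, anonymous, unencrypted, MD5 and short-key entries, as one would when auditing the output of C<openssl ciphers -v ALL>. The function name, the W_* flags and the 128-bit floor are assumptions of the example; the error strings "Buffer too small" and "OPENSSL_malloc Error" carry no Enc= field and are reported as malformed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Findings for one description line (bitmask). Names are this example's own. */
enum { W_EXPORT = 1, W_ANON = 2, W_SHORTKEY = 4, W_MD5 = 8, W_NOENC = 16, W_MALFORMED = 32 };

/* Audit one "<name> <proto> Kx=.. Au=.. Enc=ALG(bits) Mac=.. [export]" line.
 * min_bits is the caller's policy floor for secret bits (an assumption here).
 * Only the advertised fields are checked; the algorithm itself is not judged. */
int audit_cipher_line(const char *line, int min_bits)
{
    static const char ws[] = " \t\r\n";
    char buf[256], *p;
    int flags = 0, seen_enc = 0, n = 0;

    if (line == NULL || strlen(line) >= sizeof buf)
        return W_MALFORMED;
    strcpy(buf, line);                       /* length checked above */
    for (p = buf; *(p += strspn(p, ws)) != '\0'; n++) {
        char *tok = p, *paren;
        p += strcspn(p, ws);
        if (*p != '\0') *p++ = '\0';         /* terminate this token */
        if (n < 2) continue;                 /* 0: cipher name, 1: protocol */
        if (strcmp(tok, "export") == 0) flags |= W_EXPORT;
        else if (strcmp(tok, "Au=None") == 0) flags |= W_ANON;
        else if (strcmp(tok, "Mac=MD5") == 0) flags |= W_MD5;
        else if (strncmp(tok, "Enc=", 4) == 0) {
            seen_enc = 1;
            paren = strchr(tok, '(');        /* absent for Fortezza and None */
            if (strcmp(tok, "Enc=None") == 0) flags |= W_NOENC;
            else if (paren != NULL && atoi(paren + 1) < min_bits) flags |= W_SHORTKEY;
        }
    }
    return seen_enc ? flags : (flags | W_MALFORMED);
}

int main(void)
{
    const char *lines[] = {                  /* sample lines from EXAMPLES */
        "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1",
        "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1",
        "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5",
        "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("0x%02x  %s\n", audit_cipher_line(lines[i], 128), lines[i]);
    return 0;
}
```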

The standard terminology for ephemeral Diffie-Hellman schemes is DHE
(finite field) or ECDHE (elliptic curve). This version of OpenSSL
idiosyncratically reports these schemes as EDH and EECDH, even though
it also accepts the standard terminology.

It is recommended to use the standard terminology (DHE and ECDHE)
during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of
configuration. OpenSSL versions after 1.0.2 will report the standard
terms via SSL_CIPHER_get_name and SSL_CIPHER_description.

=head1 RETURN VALUES

See DESCRIPTION

=head1 SEE ALSO

L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)>,
L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>

=cut