1SSL_CIPHER_get_name(3)              OpenSSL             SSL_CIPHER_get_name(3)
2
3
4

NAME

6       SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
7       SSL_CIPHER_description - get SSL_CIPHER properties
8

SYNOPSIS

10        #include <openssl/ssl.h>
11
12        const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
13        int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
14        char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
15        char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
16

DESCRIPTION

18       SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the
19       argument is the NULL pointer, a pointer to the constant value "NONE" is
20       returned.
21
22       SSL_CIPHER_get_bits() returns the number of secret bits used for
23       cipher. If alg_bits is not NULL, it contains the number of bits
24       processed by the chosen algorithm. If cipher is NULL, 0 is returned.
25
26       SSL_CIPHER_get_version() returns string which indicates the SSL/TLS
27       protocol version that first defined the cipher.  This is currently
28       SSLv2 or TLSv1/SSLv3.  In some cases it should possibly return
29       "TLSv1.2" but does not; use SSL_CIPHER_description() instead.  If
30       cipher is NULL, "(NONE)" is returned.
31
32       SSL_CIPHER_description() returns a textual description of the cipher
33       used into the buffer buf of length len provided. len must be at least
34       128 bytes, otherwise a pointer to the string "Buffer too small" is
35       returned. If buf is NULL, a buffer of 128 bytes is allocated using
36       OPENSSL_malloc(). If the allocation fails, a pointer to the string
37       "OPENSSL_malloc Error" is returned.
38

NOTES

40       The number of bits processed can be different from the secret bits. An
41       export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The
42       algorithm does use the full 128 bits (which would be returned for
43       alg_bits), of which however 88bits are fixed. The search space is hence
44       only 40 bits.
45
46       The string returned by SSL_CIPHER_description() in case of success
47       consists of cleartext information separated by one or more blanks in
48       the following sequence:
49
50       <ciphername>
51           Textual representation of the cipher name.
52
53       <protocol version>
54           Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are
55           flagged with SSLv3. No new ciphers were added by TLSv1.1.
56
57       Kx=<key exchange>
58           Key exchange method: RSA (for export ciphers as RSA(512) or
59           RSA(1024)), DH (for export ciphers as DH(512) or DH(1024)), DH/RSA,
60           DH/DSS, Fortezza.
61
62       Au=<authentication>
63           Authentication method: RSA, DSS, DH, None. None is the
64           representation of anonymous ciphers.
65
66       Enc=<symmetric encryption method>
67           Encryption method with number of secret bits: DES(40), DES(56),
68           3DES(168), RC4(40), RC4(56), RC4(64), RC4(128), RC2(40), RC2(56),
69           RC2(128), IDEA(128), Fortezza, None.
70
71       Mac=<message authentication code>
72           Message digest: MD5, SHA1.
73
74       <export flag>
75           If the cipher is flagged exportable with respect to old US crypto
76           regulations, the word "export" is printed.
77

EXAMPLES

79       Some examples for the output of SSL_CIPHER_description():
80
81        EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
82        EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
83        RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
84        EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
85
86       A comp[lete list can be retrieved by invoking the following command:
87
88        openssl ciphers -v ALL
89

BUGS

91       If SSL_CIPHER_description() is called with cipher being NULL, the
92       library crashes.
93
94       If SSL_CIPHER_description() cannot handle a built-in cipher, the
95       according description of the cipher property is unknown. This case
96       should not occur.
97
98       The standard terminology for ephemeral Diffie-Hellman schemes is DHE
99       (finite field) or ECDHE (elliptic curve).  This version of OpenSSL
100       idiosyncratically reports these schemes as EDH and EECDH, even though
101       it also accepts the standard terminology.
102
103       It is recommended to use the standard terminology (DHE and ECDHE)
104       during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of
105       configuration.  OpenSSL versions after 1.0.2 will report the standard
106       terms via SSL_CIPHER_get_name and SSL_CIPHER_description.
107

RETURN VALUES

109       See DESCRIPTION
110

SEE ALSO

112       ssl(3), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1),
113       SSL_CTX_set_cipher_list(3)
114
115
116
1171.0.2k                            2017-01-26            SSL_CIPHER_get_name(3)
Impressum