SSL_CIPHER_GET_NAME(3) BSD Library Functions Manual SSL_CIPHER_GET_NAME(3)NAME
SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
SSL_CIPHER_description — get SSL_CIPHER properties
SYNOPSIS
#include <openssl/ssl.h>
const char *
SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
int
SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
char *
SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
char *
SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
DESCRIPTIONSSL_CIPHER_get_name() returns a pointer to the name of cipher. If the
argument is the NULL pointer, a pointer to the constant value "NONE" is
returned.
SSL_CIPHER_get_bits() returns the number of secret bits used for cipher.
If alg_bits is not NULL, it contains the number of bits processed by the
chosen algorithm. If cipher is NULL, 0 is returned.
SSL_CIPHER_get_version() returns a string which indicates the SSL/TLS
protocol version that first defined the cipher. This is currently
"SSLv2" or "TLSv1/SSLv3". In some cases it should possibly return
"TLSv1.2" but the function does not; use SSL_CIPHER_description(3)
instead. If cipher is NULL, "(NONE)" is returned.
SSL_CIPHER_description() returns a textual description of the cipher used
into the buffer buf of length len provided. If buf is NULL, a buffer is
allocated using asprintf(3); that buffer should be freed using the
free(3) function. If len is too small, or if buf is NULL and the alloca‐
tion fails, a pointer to the string "Buffer too small" is returned.
NOTES
The number of bits processed can be different from the secret bits. For
example, an export cipher like EXP-RC4-MD5 has only 40 secret bits. The
algorithm does use the full 128 bits (which would be returned for
alg_bits), but 88 bits are fixed. The search space is hence only 40
bits.
The string returned by SSL_CIPHER_description() in case of success con‐
sists of cleartext information separated by one or more blanks in the
following sequence:
⟨ciphername⟩
Textual representation of the cipher name.
⟨protocol version⟩
Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are
flagged with SSLv3. No new ciphers were added by TLSv1.1.
Kx=⟨key exchange⟩
Key exchange method: RSA (for export ciphers as RSA(512) or
RSA(1024)), DH (for export ciphers as DH(512) or DH(1024)),
DH/RSA, DH/DSS, Fortezza.
Au=⟨authentication⟩
Authentication method: RSA, DSS, DH, None. None is the represen‐
tation of anonymous ciphers.
Enc=⟨symmetric encryption method⟩
Encryption method with number of secret bits: DES(40), DES(56),
3DES(168), RC4(40), RC4(56), RC4(64), RC4(128), RC2(40), RC2(56),
RC2(128), IDEA(128), Fortezza, None.
Mac=⟨message authentication code⟩
Message digest: MD5, SHA1.
⟨export flag⟩
If the cipher is flagged exportable with respect to old US crypto
regulations, the word “export” is printed.
RETURN VALUES
See DESCRIPTION
EXAMPLES
Some examples for the output of SSL_CIPHER_description():
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168)
Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168)
Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128)
Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)
Mac=MD5 export
A complete list can be retrieved by invoking the following command:
$ openssl ciphers -v ALL
SEE ALSOopenssl(1), ssl(3), SSL_get_ciphers(3), SSL_get_current_cipher(3)BUGS
If SSL_CIPHER_description() is called with cipher being NULL, the library
crashes.
If SSL_CIPHER_description() cannot handle a built-in cipher, the accord‐
ing description of the cipher property is "unknown". This case should
not occur.
BSD April 20, 2024 BSD
