/usr/man/cat.3/SSL_CIPHER_get_bits.3(/usr/man/cat.3/SSL_CIPHER_get_bits.3)
SSL_CIPHER_get_name(3) OpenSSL SSL_CIPHER_get_name(3)
NAME
SSL_CIPHER_get_name, SSL_CIPHER_get_bits,
SSL_CIPHER_get_version, SSL_CIPHER_description - get
SSL_CIPHER properties
SYNOPSIS
#include <openssl/ssl.h>
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
DESCRIPTION
SSL_CIPHER_get_name() returns a pointer to the name of
cipher. If the argument is the NULL pointer, a pointer to
the constant value "NONE" is returned.
SSL_CIPHER_get_bits() returns the number of secret bits used
for cipher. If alg_bits is not NULL, it contains the number
of bits processed by the chosen algorithm. If cipher is
NULL, 0 is returned.
SSL_CIPHER_get_version() returns string which indicates the
SSL/TLS protocol version that first defined the cipher.
This is currently SSLv2 or TLSv1/SSLv3. In some cases it
should possibly return "TLSv1.2" but does not; use
SSL_CIPHER_description() instead. If cipher is NULL,
"(NONE)" is returned.
SSL_CIPHER_description() returns a textual description of
the cipher used into the buffer buf of length len provided.
len must be at least 128 bytes, otherwise a pointer to the
string "Buffer too small" is returned. If buf is NULL, a
buffer of 128 bytes is allocated using OPENSSL_malloc(). If
the allocation fails, a pointer to the string
"OPENSSL_malloc Error" is returned.
NOTES
The number of bits processed can be different from the
secret bits. An export cipher like e.g. EXP-RC4-MD5 has only
40 secret bits. The algorithm does use the full 128 bits
(which would be returned for alg_bits), of which however
88bits are fixed. The search space is hence only 40 bits.
The string returned by SSL_CIPHER_description() in case of
success consists of cleartext information separated by one
or more blanks in the following sequence:
<ciphername>
Textual representation of the cipher name.
1.0.2t Last change: 2019-09-10 1
SSL_CIPHER_get_name(3) OpenSSL SSL_CIPHER_get_name(3)
<protocol version>
Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0
ciphers are flagged with SSLv3. No new ciphers were
added by TLSv1.1.
Kx=<key exchange>
Key exchange method: RSA (for export ciphers as RSA(512)
or RSA(1024)), DH (for export ciphers as DH(512) or
DH(1024)), DH/RSA, DH/DSS, Fortezza.
Au=<authentication>
Authentication method: RSA, DSS, DH, None. None is the
representation of anonymous ciphers.
Enc=<symmetric encryption method>
Encryption method with number of secret bits: DES(40),
DES(56), 3DES(168), RC4(40), RC4(56), RC4(64), RC4(128),
RC2(40), RC2(56), RC2(128), IDEA(128), Fortezza, None.
Mac=<message authentication code>
Message digest: MD5, SHA1.
<export flag>
If the cipher is flagged exportable with respect to old
US crypto regulations, the word "export" is printed.
EXAMPLES
Some examples for the output of SSL_CIPHER_description():
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
A comp[lete list can be retrieved by invoking the following
command:
openssl ciphers -v ALL
BUGS
If SSL_CIPHER_description() is called with cipher being
NULL, the library crashes.
If SSL_CIPHER_description() cannot handle a built-in cipher,
the according description of the cipher property is unknown.
This case should not occur.
The standard terminology for ephemeral Diffie-Hellman
schemes is DHE (finite field) or ECDHE (elliptic curve).
This version of OpenSSL idiosyncratically reports these
schemes as EDH and EECDH, even though it also accepts the
standard terminology.
1.0.2t Last change: 2019-09-10 2
SSL_CIPHER_get_name(3) OpenSSL SSL_CIPHER_get_name(3)
It is recommended to use the standard terminology (DHE and
ECDHE) during configuration (e.g. via
SSL_CTX_set_cipher_list) for clarity of configuration.
OpenSSL versions after 1.0.2 will report the standard terms
via SSL_CIPHER_get_name and SSL_CIPHER_description.
RETURN VALUES
See DESCRIPTION
SEE ALSO
ssl(3), SSL_get_current_cipher(3), SSL_get_ciphers(3),
ciphers(1), SSL_CTX_set_cipher_list(3)
1.0.2t Last change: 2019-09-10 3
See also SSL_CIPHER_description(3)
See also SSL_CIPHER_get_name(3)
See also SSL_CIPHER_get_version(3)
Man(1) output converted with
man2html