.\" .\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ .\" .Dd $Mdocdate: December 2 2014 $ .Dt SSL_CIPHER_GET_NAME 3 .Os .Sh NAME .Nm SSL_CIPHER_get_name , .Nm SSL_CIPHER_get_bits , .Nm SSL_CIPHER_get_version , .Nm SSL_CIPHER_description .Nd get SSL_CIPHER properties .Sh SYNOPSIS .In openssl/ssl.h .Ft const char * .Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher" .Ft int .Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits" .Ft char * .Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher" .Ft char * .Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size" .Sh DESCRIPTION .Fn SSL_CIPHER_get_name returns a pointer to the name of .Fa cipher . If the argument is the .Dv NULL pointer, a pointer to the constant value .Qq NONE is returned. .Pp .Fn SSL_CIPHER_get_bits returns the number of secret bits used for .Fa cipher . If .Fa alg_bits is not .Dv NULL , it contains the number of bits processed by the chosen algorithm. If .Fa cipher is .Dv NULL , 0 is returned. .Pp .Fn SSL_CIPHER_get_version returns a string which indicates the SSL/TLS protocol version that first defined the cipher. This is currently .Qq SSLv2 or .Qq TLSv1/SSLv3 . In some cases it should possibly return .Qq TLSv1.2 but the function does not; use .Xr SSL_CIPHER_description 3 instead. If .Fa cipher is .Dv NULL , .Qq (NONE) is returned. .Pp .Fn SSL_CIPHER_description returns a textual description of the cipher used into the buffer .Fa buf of length .Fa len provided. If .Fa buf is .Dv NULL , a buffer is allocated using .Xr asprintf 3 ; that buffer should be freed using the .Xr free 3 function. If .Fa len is too small, or if .Fa buf is .Dv NULL and the allocation fails, a pointer to the string .Qq Buffer too small is returned. .Sh NOTES The number of bits processed can be different from the secret bits. For example, an export cipher like EXP-RC4-MD5 has only 40 secret bits. The algorithm does use the full 128 bits (which would be returned for .Fa alg_bits ) , but 88 bits are fixed. The search space is hence only 40 bits. .Pp The string returned by .Fn SSL_CIPHER_description in case of success consists of cleartext information separated by one or more blanks in the following sequence: .Bl -tag -width Ds .It Aq Ar ciphername Textual representation of the cipher name. .It Aq Ar protocol version Protocol version: .Em SSLv2 , .Em SSLv3 , .Em TLSv1.2 . The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1. .It Kx= Ns Aq Ar key exchange Key exchange method: .Em RSA (for export ciphers as .Em RSA(512) or .Em RSA(1024) ) , .Em DH (for export ciphers as .Em DH(512) or .Em DH(1024) ) , .Em DH/RSA , .Em DH/DSS , .Em Fortezza . .It Au= Ns Aq Ar authentication Authentication method: .Em RSA , .Em DSS , .Em DH , .Em None . .Em None is the representation of anonymous ciphers. .It Enc= Ns Aq Ar symmetric encryption method Encryption method with number of secret bits: .Em DES(40) , .Em DES(56) , .Em 3DES(168) , .Em RC4(40) , .Em RC4(56) , .Em RC4(64) , .Em RC4(128) , .Em RC2(40) , .Em RC2(56) , .Em RC2(128) , .Em IDEA(128) , .Em Fortezza , .Em None . .It Mac= Ns Aq Ar message authentication code Message digest: .Em MD5 , .Em SHA1 . .It Aq Ar export flag If the cipher is flagged exportable with respect to old US crypto regulations, the word .Dq export is printed. .El .Sh RETURN VALUES See .Sx DESCRIPTION .Sh EXAMPLES Some examples for the output of .Fn SSL_CIPHER_description : .D1 "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1" .D1 "EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1" .D1 "RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5" .D1 "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export" .Pp A complete list can be retrieved by invoking the following command: .Pp .Dl $ openssl ciphers -v ALL .Sh SEE ALSO .Xr openssl 1 , .Xr ssl 3 , .Xr SSL_get_ciphers 3 , .Xr SSL_get_current_cipher 3 .Sh BUGS If .Fn SSL_CIPHER_description is called with .Fa cipher being .Dv NULL , the library crashes. .Pp If .Fn SSL_CIPHER_description cannot handle a built-in cipher, the according description of the cipher property is .Qq unknown . This case should not occur.