DragonFly On-Line Manual Pages
SSL_CIPHER_get_name(3) OpenSSL SSL_CIPHER_get_name(3)
SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
SSL_CIPHER_description - get SSL_CIPHER properties
const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the
argument is the NULL pointer, a pointer to the constant value "NONE" is
SSL_CIPHER_get_bits() returns the number of secret bits used for
cipher. If alg_bits is not NULL, it contains the number of bits
processed by the chosen algorithm. If cipher is NULL, 0 is returned.
SSL_CIPHER_get_version() returns string which indicates the SSL/TLS
protocol version that first defined the cipher. This is currently
SSLv2 or TLSv1/SSLv3. In some cases it should possibly return
"TLSv1.2" but does not; use SSL_CIPHER_description() instead. If
cipher is NULL, "(NONE)" is returned.
SSL_CIPHER_description() returns a textual description of the cipher
used into the buffer buf of length len provided. len must be at least
128 bytes, otherwise a pointer to the string "Buffer too small" is
returned. If buf is NULL, a buffer of 128 bytes is allocated using
OPENSSL_malloc(). If the allocation fails, a pointer to the string
"OPENSSL_malloc Error" is returned.
The number of bits processed can be different from the secret bits. An
export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The
algorithm does use the full 128 bits (which would be returned for
alg_bits), of which however 88bits are fixed. The search space is hence
only 40 bits.
The string returned by SSL_CIPHER_description() in case of success
consists of cleartext information separated by one or more blanks in
the following sequence:
Textual representation of the cipher name.
Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are
flagged with SSLv3. No new ciphers were added by TLSv1.1.
Key exchange method: RSA (for export ciphers as RSA(512) or
RSA(1024)), DH (for export ciphers as DH(512) or DH(1024)), DH/RSA,
Authentication method: RSA, DSS, DH, None. None is the
representation of anonymous ciphers.
Enc=<symmetric encryption method>
Encryption method with number of secret bits: DES(40), DES(56),
3DES(168), RC4(40), RC4(56), RC4(64), RC4(128), RC2(40), RC2(56),
RC2(128), IDEA(128), Fortezza, None.
Mac=<message authentication code>
Message digest: MD5, SHA1.
If the cipher is flagged exportable with respect to old US crypto
regulations, the word "export" is printed.
Some examples for the output of SSL_CIPHER_description():
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
A comp[lete list can be retrieved by invoking the following command:
openssl ciphers -v ALL
If SSL_CIPHER_description() is called with cipher being NULL, the
If SSL_CIPHER_description() cannot handle a built-in cipher, the
according description of the cipher property is unknown. This case
should not occur.
The standard terminology for ephemeral Diffie-Hellman schemes is DHE
(finite field) or ECDHE (elliptic curve). This version of OpenSSL
idiosyncratically reports these schemes as EDH and EECDH, even though
it also accepts the standard terminology.
It is recommended to use the standard terminology (DHE and ECDHE)
during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of
configuration. OpenSSL versions after 1.0.2 will report the standard
terms via SSL_CIPHER_get_name and SSL_CIPHER_description.
ssl(3), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1),
1.0.2h 2016-05-03 SSL_CIPHER_get_name(3)