SSL_CIPHER_get_name(3)              OpenSSL              SSL_CIPHER_get_name(3)

NAME
       SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
       SSL_CIPHER_description - get SSL_CIPHER properties

SYNOPSIS
        #include <openssl/ssl.h>

        const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
        int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
        char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
        char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);

DESCRIPTION
       SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the
       argument is the NULL pointer, a pointer to the constant value "NONE"
       is returned.

       SSL_CIPHER_get_bits() returns the number of secret bits used for
       cipher. If alg_bits is not NULL, it contains the number of bits
       processed by the chosen algorithm. If cipher is NULL, 0 is returned.

       SSL_CIPHER_get_version() returns a string which indicates the SSL/TLS
       protocol version that first defined the cipher. This is currently
       SSLv2 or TLSv1/SSLv3. In some cases it should possibly return
       "TLSv1.2" but does not; use SSL_CIPHER_description() instead. If
       cipher is NULL, "(NONE)" is returned.

       SSL_CIPHER_description() returns a textual description of the cipher
       used, written into the provided buffer buf of length len (the size
       argument in the synopsis). len must be at least 128 bytes, otherwise
       a pointer to the string "Buffer too small" is returned. If buf is
       NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If
       the allocation fails, a pointer to the string "OPENSSL_malloc Error"
       is returned.

NOTES
       The number of bits processed can be different from the secret bits.
       An export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The
       algorithm does use the full 128 bits (which would be returned for
       alg_bits), of which however 88 bits are fixed.
       The search space is hence only 40 bits.

       The string returned by SSL_CIPHER_description() in case of success
       consists of cleartext information separated by one or more blanks in
       the following sequence:

       Textual representation of the cipher name.

       Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are
       flagged with SSLv3. No new ciphers were added by TLSv1.1.

       Kx=
           Key exchange method: RSA (for export ciphers as RSA(512) or
           RSA(1024)), DH (for export ciphers as DH(512) or DH(1024)),
           DH/RSA, DH/DSS, Fortezza.

       Au=
           Authentication method: RSA, DSS, DH, None. None is the
           representation of anonymous ciphers.

       Enc=
           Encryption method with number of secret bits: DES(40), DES(56),
           3DES(168), RC4(40), RC4(56), RC4(64), RC4(128), RC2(40), RC2(56),
           RC2(128), IDEA(128), Fortezza, None.

       Mac=
           Message digest: MD5, SHA1.

       If the cipher is flagged exportable with respect to old US crypto
       regulations, the word "export" is printed.

EXAMPLES
       Some examples for the output of SSL_CIPHER_description():

        EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
        EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
        RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
        EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

       A complete list can be retrieved by invoking the following command:

        openssl ciphers -v ALL

BUGS
       If SSL_CIPHER_description() is called with cipher being NULL, the
       library crashes.

       If SSL_CIPHER_description() cannot handle a built-in cipher, the
       according description of the cipher property is unknown. This case
       should not occur.

       The standard terminology for ephemeral Diffie-Hellman schemes is DHE
       (finite field) or ECDHE (elliptic curve).
       This version of OpenSSL idiosyncratically reports these schemes as
       EDH and EECDH, even though it also accepts the standard terminology.

       It is recommended to use the standard terminology (DHE and ECDHE)
       during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity
       of configuration. OpenSSL versions after 1.0.2 will report the
       standard terms via SSL_CIPHER_get_name and SSL_CIPHER_description.

RETURN VALUES
       See DESCRIPTION

SEE ALSO
       ssl(3), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1),
       SSL_CTX_set_cipher_list(3)

1.0.2u                            2019-12-20            SSL_CIPHER_get_name(3)
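
The description format under NOTES is regular enough to audit mechanically. The following parser is an added example, not part of the OpenSSL manual or source: it splits one SSL_CIPHER_description() line into its fields and flags export, anonymous, unencrypted and short-key ciphers. The struct, function and flag names are hypothetical, and the 128-bit floor is an assumed policy.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one SSL_CIPHER_description() line (struct name is hypothetical). */
struct cipher_desc {
    char name[64], proto[16], kx[24], au[16], enc[24], mac[16];
    int secret_bits; /* N from Enc=ALG(N); 0 when absent, e.g. Enc=None */
    int is_export;   /* trailing word "export" present */
};

/* Weakness flags; the 128-bit floor is this example's assumption. */
enum { W_EXPORT = 1, W_SHORT_KEY = 2, W_ANON_AUTH = 4, W_NO_ENC = 8 };

/* Returns 0 on success, -1 otherwise (e.g. for "Buffer too small"). */
int parse_cipher_desc(const char *line, struct cipher_desc *d)
{
    char tail[16] = "";
    memset(d, 0, sizeof *d);
    if (sscanf(line, "%63s %15s Kx=%23s Au=%15s Enc=%23s Mac=%15s %15s",
               d->name, d->proto, d->kx, d->au, d->enc, d->mac, tail) < 6)
        return -1;
    const char *paren = strchr(d->enc, '(');
    if (paren) sscanf(paren, "(%d)", &d->secret_bits);
    d->is_export = strcmp(tail, "export") == 0;
    return 0;
}

/* Bitmask of W_* flags for a parsed line; 0 means nothing was flagged. */
int cipher_weaknesses(const struct cipher_desc *d)
{
    int w = 0;
    if (d->is_export)                w |= W_EXPORT;
    if (strcmp(d->au, "None") == 0)  w |= W_ANON_AUTH;
    if (strcmp(d->enc, "None") == 0) w |= W_NO_ENC;
    else if (d->secret_bits < 128)   w |= W_SHORT_KEY;
    return w;
}

int main(void)
{
    /* First two lines are from EXAMPLES above; the third is an error string. */
    const char *s[] = { "EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1",
                        "EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export",
                        "Buffer too small" };
    for (size_t i = 0; i < sizeof s / sizeof *s; i++) {
        struct cipher_desc d;
        if (parse_cipher_desc(s[i], &d)) printf("not a description: %s\n", s[i]);
        else printf("%-22s secret=%d flags=0x%x\n", d.name, d.secret_bits, cipher_weaknesses(&d));
    }
    return 0;
}
```

Checking the return value before reading any field matters because the two error strings are returned through the same pointer as a valid description.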