NAME
SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version,
  SSL_CIPHER_description - get SSL_CIPHER properties
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
 #include <openssl/ssl.h>
 const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
 int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
 char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
DESCRIPTION
SSL_CIPHER_get_name() returns a pointer to the name of 
cipher. If
  the argument is the NULL pointer, a pointer to the constant value
  "NONE" is returned.
SSL_CIPHER_get_bits() returns the number of secret bits used for
  
cipher. If 
alg_bits is not NULL, it contains the number of bits
  processed by the chosen algorithm. If 
cipher is NULL, 0 is returned.
SSL_CIPHER_get_version() returns string which indicates the SSL/TLS
  protocol version that first defined the cipher. This is currently 
SSLv2
  or 
TLSv1/SSLv3. In some cases it should possibly return
  "TLSv1.2" but does not; use 
SSL_CIPHER_description() instead.
  If 
cipher is NULL, "(NONE)" is returned.
SSL_CIPHER_description() returns a textual description of the cipher used
  into the buffer 
buf of length 
len provided. 
len must be
  at least 128 bytes, otherwise a pointer to the string "Buffer too
  small" is returned. If 
buf is NULL, a buffer of 128 bytes is
  allocated using 
OPENSSL_malloc(). If the allocation fails, a pointer to
  the string "OPENSSL_malloc Error" is returned.
NOTES
The number of bits processed can be different from the secret bits. An export
  cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm does use
  the full 128 bits (which would be returned for 
alg_bits), of which
  however 88bits are fixed. The search space is hence only 40 bits.
The string returned by 
SSL_CIPHER_description() in case of success
  consists of cleartext information separated by one or more blanks in the
  following sequence:
  - <ciphername>
- Textual representation of the cipher name.
  - <protocol version>
- Protocol version: SSLv2, SSLv3,
      TLSv1.2. The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers
      were added by TLSv1.1.
  - Kx=<key exchange>
- Key exchange method: RSA (for export ciphers as
      RSA(512) or RSA(1024)), DH (for export ciphers as
      DH(512) or DH(1024)), DH/RSA, DH/DSS,
      Fortezza.
  - Au=<authentication>
- Authentication method: RSA, DSS, DH,
      None. None is the representation of anonymous ciphers.
  - Enc=<symmetric encryption method>
- Encryption method with number of secret bits:
      DES(40), DES(56), 3DES(168), RC4(40),
      RC4(56), RC4(64), RC4(128), RC2(40),
      RC2(56), RC2(128), IDEA(128), Fortezza,
      None.
  - Mac=<message authentication code>
- Message digest: MD5, SHA1.
  - <export flag>
- If the cipher is flagged exportable with respect to old US
      crypto regulations, the word " export" is printed.
EXAMPLES
Some examples for the output of 
SSL_CIPHER_description():
 EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
 EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
 RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
 EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
A comp[lete list can be retrieved by invoking the following command:
 openssl ciphers -v ALL
BUGS
If 
SSL_CIPHER_description() is called with 
cipher being NULL, the
  library crashes.
If 
SSL_CIPHER_description() cannot handle a built-in cipher, the
  according description of the cipher property is 
unknown. This case
  should not occur.
The standard terminology for ephemeral Diffie-Hellman schemes is DHE (finite
  field) or ECDHE (elliptic curve). This version of OpenSSL idiosyncratically
  reports these schemes as EDH and EECDH, even though it also accepts the
  standard terminology.
It is recommended to use the standard terminology (DHE and ECDHE) during
  configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of configuration.
  OpenSSL versions after 1.0.2 will report the standard terms via
  SSL_CIPHER_get_name and SSL_CIPHER_description.
RETURN VALUES
See DESCRIPTION
SEE ALSO
ssl(3), 
SSL_get_current_cipher(3), 
SSL_get_ciphers(3),
  
openssl_ciphers(1), 
SSL_CTX_set_cipher_list(3)