from small one page howto to huge articles all in one place
 

search text in:





Poll
Which kernel version do you use?





poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

194569

userrating:

average rating: 1.7 (102 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

251893

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

140716

userrating:

average rating: 1.4 (42 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion
You are here: manpages





SSL_CIPHER_get_name

Section: OpenSSL (3)
Updated: 2017-05-25
Index Return to Main Contents
 

NAME

SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties  

SYNOPSIS

 #include <openssl/ssl.h>

 const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
 int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
 char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);

 

DESCRIPTION

SSL_CIPHER_get_name() returns a pointer to the name of cipher. If the argument is the NULL pointer, a pointer to the constant value ``NONE'' is returned.

SSL_CIPHER_get_bits() returns the number of secret bits used for cipher. If alg_bits is not NULL, it contains the number of bits processed by the chosen algorithm. If cipher is NULL, 0 is returned.

SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol version that first defined the cipher. This is currently SSLv2 or TLSv1/SSLv3. In some cases it should possibly return ``TLSv1.2'' but does not; use SSL_CIPHER_description() instead. If cipher is NULL, ``(NONE)'' is returned.

SSL_CIPHER_description() returns a textual description of the cipher used into the buffer buf of length len provided. len must be at least 128 bytes, otherwise a pointer to the string ``Buffer too small'' is returned. If buf is NULL, a buffer of 128 bytes is allocated using OPENSSL_malloc(). If the allocation fails, a pointer to the string ``OPENSSL_malloc Error'' is returned.  

NOTES

The number of bits processed can be different from the secret bits. An export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm does use the full 128 bits (which would be returned for alg_bits), of which however 88bits are fixed. The search space is hence only 40 bits.

The string returned by SSL_CIPHER_description() in case of success consists of cleartext information separated by one or more blanks in the following sequence:

<ciphername>
Textual representation of the cipher name.
<protocol version>
Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1.
Kx=<key exchange>
Key exchange method: RSA (for export ciphers as RSA(512) or RSA(1024)), DH (for export ciphers as DH(512) or DH(1024)), DH/RSA, DH/DSS, Fortezza.
Au=<authentication>
Authentication method: RSA, DSS, DH, None. None is the representation of anonymous ciphers.
Enc=<symmetric encryption method>
Encryption method with number of secret bits: DES(40), DES(56), 3DES(168), RC4(40), RC4(56), RC4(64), RC4(128), RC2(40), RC2(56), RC2(128), IDEA(128), Fortezza, None.
Mac=<message authentication code>
Message digest: MD5, SHA1.
<export flag>
If the cipher is flagged exportable with respect to old US crypto regulations, the word "export" is printed.
 

EXAMPLES

Some examples for the output of SSL_CIPHER_description():

 EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
 EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
 RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
 EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

A comp[lete list can be retrieved by invoking the following command:

 openssl ciphers -v ALL

 

BUGS

If SSL_CIPHER_description() is called with cipher being NULL, the library crashes.

If SSL_CIPHER_description() cannot handle a built-in cipher, the according description of the cipher property is unknown. This case should not occur.

The standard terminology for ephemeral Diffie-Hellman schemes is DHE (finite field) or ECDHE (elliptic curve). This version of OpenSSL idiosyncratically reports these schemes as EDH and EECDH, even though it also accepts the standard terminology.

It is recommended to use the standard terminology (DHE and ECDHE) during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of configuration. OpenSSL versions after 1.0.2 will report the standard terms via SSL_CIPHER_get_name and SSL_CIPHER_description.  

RETURN VALUES

See DESCRIPTION  

SEE ALSO

ssl(3), SSL_get_current_cipher(3), SSL_get_ciphers(3), ciphers(1), SSL_CTX_set_cipher_list(3)


 

Index

NAME
SYNOPSIS
DESCRIPTION
NOTES
EXAMPLES
BUGS
RETURN VALUES
SEE ALSO





Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 13.9 ms