HEX
Server: nginx/1.28.1
System: Linux 10-41-63-61 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64
User: www (1001)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /usr/local/openssl/man/man3/
Upload Files
File: //usr/local/openssl/man/man3/SSL_CIPHER_get_bits.3
.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "SSL_CIPHER_get_name 3"
.TH SSL_CIPHER_get_name 3 2019-12-20 1.0.2u OpenSSL
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get SSL_CIPHER properties
.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ssl.h>
\&
\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size);
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the
argument is the NULL pointer, a pointer to the constant value "NONE" is
returned.
.PP
\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If
\&\fBalg_bits\fR is not NULL, it contains the number of bits processed by the
chosen algorithm. If \fBcipher\fR is NULL, 0 is returned.
.PP
\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the SSL/TLS protocol
version that first defined the cipher.
This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR.
In some cases it should possibly return "TLSv1.2" but does not;
use \fBSSL_CIPHER_description()\fR instead.
If \fBcipher\fR is NULL, "(NONE)" is returned.
.PP
\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used
into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least
128 bytes, otherwise a pointer to the string "Buffer too small" is
returned. If \fBbuf\fR is NULL, a buffer of 128 bytes is allocated using
\&\fBOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string
"OPENSSL_malloc Error" is returned.
.SH NOTES
.IX Header "NOTES"
The number of bits processed can be different from the secret bits. An
export cipher like e.g. EXP\-RC4\-MD5 has only 40 secret bits. The algorithm
does use the full 128 bits (which would be returned for \fBalg_bits\fR), of
which however 88bits are fixed. The search space is hence only 40 bits.
.PP
The string returned by \fBSSL_CIPHER_description()\fR in case of success consists
of cleartext information separated by one or more blanks in the following
sequence:
.IP <ciphername> 4
.IX Item "<ciphername>"
Textual representation of the cipher name.
.IP "<protocol version>" 4
.IX Item "<protocol version>"
Protocol version: \fBSSLv2\fR, \fBSSLv3\fR, \fBTLSv1.2\fR. The TLSv1.0 ciphers are
flagged with SSLv3. No new ciphers were added by TLSv1.1.
.IP "Kx=<key exchange>" 4
.IX Item "Kx=<key exchange>"
Key exchange method: \fBRSA\fR (for export ciphers as \fBRSA(512)\fR or
\&\fBRSA(1024)\fR), \fBDH\fR (for export ciphers as \fBDH(512)\fR or \fBDH(1024)\fR),
\&\fBDH/RSA\fR, \fBDH/DSS\fR, \fBFortezza\fR.
.IP Au=<authentication> 4
.IX Item "Au=<authentication>"
Authentication method: \fBRSA\fR, \fBDSS\fR, \fBDH\fR, \fBNone\fR. None is the
representation of anonymous ciphers.
.IP "Enc=<symmetric encryption method>" 4
.IX Item "Enc=<symmetric encryption method>"
Encryption method with number of secret bits: \fBDES(40)\fR, \fBDES(56)\fR,
\&\fB3DES(168)\fR, \fBRC4(40)\fR, \fBRC4(56)\fR, \fBRC4(64)\fR, \fBRC4(128)\fR,
\&\fBRC2(40)\fR, \fBRC2(56)\fR, \fBRC2(128)\fR, \fBIDEA(128)\fR, \fBFortezza\fR, \fBNone\fR.
.IP "Mac=<message authentication code>" 4
.IX Item "Mac=<message authentication code>"
Message digest: \fBMD5\fR, \fBSHA1\fR.
.IP "<export flag>" 4
.IX Item "<export flag>"
If the cipher is flagged exportable with respect to old US crypto
regulations, the word "\fBexport\fR" is printed.
.SH EXAMPLES
.IX Header "EXAMPLES"
Some examples for the output of \fBSSL_CIPHER_description()\fR:
.PP
.Vb 4
\& EDH\-RSA\-DES\-CBC3\-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
\& EDH\-DSS\-DES\-CBC3\-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
\& RC4\-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
\& EXP\-RC4\-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
.Ve
.PP
A comp[lete list can be retrieved by invoking the following command:
.PP
.Vb 1
\& openssl ciphers \-v ALL
.Ve
.SH BUGS
.IX Header "BUGS"
If \fBSSL_CIPHER_description()\fR is called with \fBcipher\fR being NULL, the
library crashes.
.PP
If \fBSSL_CIPHER_description()\fR cannot handle a built-in cipher, the according
description of the cipher property is \fBunknown\fR. This case should not
occur.
.PP
The standard terminology for ephemeral Diffie-Hellman schemes is DHE
(finite field) or ECDHE (elliptic curve).  This version of OpenSSL
idiosyncratically reports these schemes as EDH and EECDH, even though
it also accepts the standard terminology.
.PP
It is recommended to use the standard terminology (DHE and ECDHE)
during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of
configuration.  OpenSSL versions after 1.0.2 will report the standard
terms via SSL_CIPHER_get_name and SSL_CIPHER_description.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
See DESCRIPTION
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBssl\fR\|(3), \fBSSL_get_current_cipher\fR\|(3),
\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1),
\&\fBSSL_CTX_set_cipher_list\fR\|(3)
@ Telegram