=pod =head1 NAME SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties =head1 SYNOPSIS #include const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); int SSL_CIPHER_is_aead(const SSL_CIPHER *c); =head1 DESCRIPTION SSL_CIPHER_get_name() returns a pointer to the name of B. If the B is NULL, it returns "(NONE)". SSL_CIPHER_get_bits() returns the number of secret bits used for B. If B is NULL, 0 is returned. SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol version that first defined the cipher. It returns "(NONE)" if B is NULL. SSL_CIPHER_get_cipher_nid() returns the cipher NID corresponding to B. If there is no cipher (e.g. for cipher suites with no encryption) then B is returned. SSL_CIPHER_get_digest_nid() returns the digest NID corresponding to the MAC used by B. If there is no digest (e.g. for AEAD cipher suites) then B is returned. SSL_CIPHER_get_kx_nid() returns the key exchange NID corresponding to the method used by B. If there is no key exchange, then B is returned. If any appropriate key exchange algorithm can be used (as in the case of TLS 1.3 cipher suites) B is returned. Examples (not comprehensive): NID_kx_rsa NID_kx_ecdhe NID_kx_dhe NID_kx_psk SSL_CIPHER_get_auth_nid() returns the authentication NID corresponding to the method used by B. If there is no authentication, then B is returned. If any appropriate authentication algorithm can be used (as in the case of TLS 1.3 cipher suites) B is returned. Examples (not comprehensive): NID_auth_rsa NID_auth_ecdsa NID_auth_psk SSL_CIPHER_is_aead() returns 1 if the cipher B is AEAD (e.g. GCM or ChaCha20/Poly1305), and 0 if it is not AEAD. SSL_CIPHER_description() returns a textual description of the cipher used into the buffer B of length B provided. If B is provided, it must be at least 128 bytes, otherwise a buffer will be allocated using OPENSSL_malloc(). If the provided buffer is too small, or the allocation fails, B is returned. The string returned by SSL_CIPHER_description() consists of several fields separated by whitespace: =over 4 =item Textual representation of the cipher name. =item Protocol version, such as B, when the cipher was first defined. =item Kx= Key exchange method such as B, B, etc. =item Au= Authentication method such as B, B, etc.. None is the representation of anonymous ciphers. =item Enc= Encryption method, with number of secret bits, such as B. =item Mac= Message digest, such as B. =back Some examples for the output of SSL_CIPHER_description(): ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD RSA-PSK-AES256-CBC-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 =head1 HISTORY SSL_CIPHER_get_version() was updated to always return the correct protocol string in OpenSSL 1.1. SSL_CIPHER_description() was changed to return B on error, rather than a fixed string, in OpenSSL 1.1 =head1 SEE ALSO L, L, L, L =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L. =cut