The number of bits processed can be different from the secret bits. An export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm does use the full 128 bits (which would be returned for
alg_bits), of which however 88bits are fixed. The search space is hence only 40 bits.The string returned by SSL_CIPHER_description() in case of success consists of cleartext information separated by one or more blanks in the following sequence:
<ciphername>
Textual representation of the cipher name.
<protocol version>
Protocol version: SSLv2, SSLv3. The TLSv1 ciphers are flagged with SSLv3.
Kx=<key exchange>
Key exchange method: RSA (for export ciphers as RSA(512) or RSA(1024)), DH (for export ciphers as DH(512) or DH(1024)), DH/RSA, DH/DSS, Fortezza.
Au=<authentication>
Authentication method: RSA, DSS, DH, None. None is the representation of anonymous ciphers.
Enc=<symmetric encryption method>
Encryption method with number of secret bits: DES(40), DES(56), 3DES(168), RC4(40), RC4(56), RC4(64), RC4(128), RC2(40), RC2(56), RC2(128), IDEA(128), Fortezza, None.
Mac=<message authentication code>
Message digest: MD5, SHA1.
<export flag>
If the cipher is flagged exportable with respect to old US crypto regulations, the word " export" is printed.