merge master
diff --git a/ChangeLog b/ChangeLog
index 2451dfd..b0fd98a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-03-29 fedor-brunner
+
+	* OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
+	  and ``get_cipher_version`` to ``Connection``.
+
 2014-03-28  Jean-Paul Calderone  <exarkun@twistedmatrix.com>
 
 	* OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index fcc7da4..d3572dd 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -1420,6 +1420,53 @@
         if not result:
             _raise_current_error()
 
+
+    def get_cipher_name(self):
+        """
+        Obtain the name of the currently used cipher.
+
+        :returns: The name of the currently used cipher or :py:obj:`None`
+            if no connection has been established.
+        :rtype: :py:class:`str` or :py:class:`NoneType`
+        """
+        cipher = _lib.SSL_get_current_cipher(self._ssl)
+        if cipher == _ffi.NULL:
+            return None
+        else:
+            return _native(_ffi.string(_lib.SSL_CIPHER_get_name(cipher)))
+
+
+    def get_cipher_bits(self):
+        """
+        Obtain the number of secret bits of the currently used cipher.
+
+        :returns: The number of secret bits of the currently used cipher
+            or :py:obj:`None` if no connection has been established.
+        :rtype: :py:class:`int` or :py:class:`NoneType`
+        """
+        cipher = _lib.SSL_get_current_cipher(self._ssl)
+        if cipher == _ffi.NULL:
+            return None
+        else:
+            return _lib.SSL_CIPHER_get_bits(cipher, _ffi.NULL)
+
+
+    def get_cipher_version(self):
+        """
+        Obtain the protocol version of the currently used cipher.
+
+        :returns: The protocol name of the currently used cipher
+            or :py:obj:`None` if no connection has been established.
+        :rtype: :py:class:`str` or :py:class:`NoneType`
+        """
+        cipher = _lib.SSL_get_current_cipher(self._ssl)
+        if cipher == _ffi.NULL:
+            return None
+        else:
+            return _native(_ffi.string(_lib.SSL_CIPHER_get_version(cipher)))
+
+
+
 ConnectionType = Connection
 
 # This is similar to the initialization calls at the end of OpenSSL/crypto.py
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index a6f0127..1f9f5c4 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -1932,6 +1932,80 @@
 
     # XXX want_read
 
+    def test_get_cipher_name_before_connect(self):
+        """
+        :py:obj:`Connection.get_cipher_name` returns  :py:obj:`None`
+        if no connection has been established.
+        """
+        ctx = Context(TLSv1_METHOD)
+        conn = Connection(ctx, None)
+        self.assertTrue(conn.get_cipher_name() is None)
+
+
+    def test_get_cipher_name(self):
+        """
+        :py:obj:`Connection.get_cipher_name` returns the name of the currently
+        used cipher.
+        """
+        server, client = self._loopback()
+        server_cipher_name, client_cipher_name = \
+            server.get_cipher_name(), client.get_cipher_name()
+
+        self.assertIsInstance(server_cipher_name, str)
+        self.assertIsInstance(client_cipher_name, str)
+
+        self.assertEqual(server_cipher_name, client_cipher_name)
+
+
+    def test_get_cipher_version_before_connect(self):
+        """
+        :py:obj:`Connection.get_cipher_version` returns :py:obj:`None`
+        if no connection has been established.
+        """
+        ctx = Context(TLSv1_METHOD)
+        conn = Connection(ctx, None)
+        self.assertTrue(conn.get_cipher_version() is None)
+
+
+    def test_get_cipher_version(self):
+        """
+        :py:obj:`Connection.get_cipher_version` returns the protocol name of the currently
+        used cipher.
+        """
+        server, client = self._loopback()
+        server_cipher_version, client_cipher_version = \
+            server.get_cipher_version(), client.get_cipher_version()
+
+        self.assertIsInstance(server_cipher_version, str)
+        self.assertIsInstance(client_cipher_version, str)
+
+        self.assertEqual(server_cipher_version, client_cipher_version)
+
+
+    def test_get_cipher_bits_before_connect(self):
+        """
+        :py:obj:`Connection.get_cipher_bits` returns :py:obj:`None`
+        if no connection has been established.
+        """
+        ctx = Context(TLSv1_METHOD)
+        conn = Connection(ctx, None)
+        self.assertTrue(conn.get_cipher_bits() is None)
+
+
+    def test_get_cipher_bits(self):
+        """
+        :py:obj:`Connection.get_cipher_bits` returns the number of secret bits of the currently
+        used cipher.
+        """
+        server, client = self._loopback()
+        server_cipher_bits, client_cipher_bits = \
+            server.get_cipher_bits(), client.get_cipher_bits()
+
+        self.assertIsInstance(server_cipher_bits, int)
+        self.assertIsInstance(client_cipher_bits, int)
+
+        self.assertEqual(server_cipher_bits, client_cipher_bits)
+
 
 
 class ConnectionGetCipherListTests(TestCase):
diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst
index da7cfb7..1fed8d3 100644
--- a/doc/api/ssl.rst
+++ b/doc/api/ssl.rst
@@ -759,6 +759,23 @@
 
     .. versionadded:: 0.14
 
+.. py:method:: Connection.get_cipher_name()
+
+    Obtain the name of the currently used cipher.
+
+    .. versionadded:: 0.15
+
+.. py:method:: Connection.get_cipher_bits()
+
+    Obtain the number of secret bits of the currently used cipher.
+
+    .. versionadded:: 0.15
+
+.. py:method:: Connection.get_cipher_version()
+
+    Obtain the protocol name of the currently used cipher.
+
+    .. versionadded:: 0.15
 
 .. Rubric:: Footnotes
 
diff --git a/setup.py b/setup.py
index 058ad7b..3e7605d 100755
--- a/setup.py
+++ b/setup.py
@@ -34,7 +34,7 @@
       maintainer_email = 'exarkun@twistedmatrix.com',
       url = 'https://github.com/pyca/pyopenssl',
       license = 'APL2',
-      install_requires=["cryptography>=0.2.1", "six>=1.5.2"],
+      install_requires=["cryptography>=0.2.2", "six>=1.5.2"],
       long_description = """\
 High-level wrapper around a subset of the OpenSSL library, includes
  * SSL.Connection objects, wrapping the methods of Python's portable