[openssl-users] Missing ciphers

Viktor Dukhovni openssl-users at dukhovni.org
Thu Nov 5 00:01:31 UTC 2015


On Wed, Nov 04, 2015 at 03:53:27PM -0800, Steve Topletz wrote:

> I find that I'm missing many ciphers when I interrogate my openssl service.
> 
> Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443
> -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl
> ciphers -V TLSv1.2'.
> 
> How do I get the rest of these ciphers enabled?

Only ciphers found in the "DEFAULT" cipherlist that are compatible
with your server certificate algorithm will be enabled in your
server.

For example, if you only configured an RSA certificate, you won't
be using ECDSA, DSA, kECDH, kDH, PSK or SRP ciphers.  Nor eNULL or
aNULL ciphers...

So you should not expect to see many ciphers, and this is typically
for the best.

-- 
	Viktor.


More information about the openssl-users mailing list