[openssl-users] Missing ciphers

Matt Caswell matt at openssl.org
Thu Nov 5 00:06:53 UTC 2015



On 05/11/15 00:01, Viktor Dukhovni wrote:
> On Wed, Nov 04, 2015 at 03:53:27PM -0800, Steve Topletz wrote:
> 
>> I find that I'm missing many ciphers when I interrogate my openssl service.
>>
>> Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443
>> -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl
>> ciphers -V TLSv1.2'.
>>
>> How do I get the rest of these ciphers enabled?
> 
> Only ciphers found in the "DEFAULT" cipherlist that are compatible
> with your server certificate algorithm will be enabled in your
> server.

Note that in this case an explicit cipher string of TLSv1.2 has been
set. This *includes* some ciphersuites that are not in DEFAULT, e.g.
some eNULL based ciphersuites

Matt


More information about the openssl-users mailing list