[openssl-users] Getting info on the ciphers supported by a client

Dr. Stephen Henson steve at openssl.org
Fri Mar 6 20:04:48 UTC 2015


On Fri, Mar 06, 2015, Christian Georg wrote:

> 
> Any recommendations on how I can solve my issues without changing the openssl code and add this manually?
> 

I'm not sure OpenSSL can do exactly what you want: 1.0.2 has an option to
return the raw ciphersuite list sent by the client. The s_server utility
will print this out if you set the -brief option. Ciphersuites OpenSSL
doesn't recognise are then printed out in hex form.

For example a recent version of Chrome shows:

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:0xCC14:0xCC13:0xCC15:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:SCSV

The three hex values correspond to:

   TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = {0xcc, 0x13}
   TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
   TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =     {0xcc, 0x15}

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


More information about the openssl-users mailing list