[openssl-users] Getting info on the ciphers supported by a client

Dr. Stephen Henson steve at openssl.org
Fri Mar 6 20:04:48 UTC 2015

On Fri, Mar 06, 2015, Christian Georg wrote:

> Any recommendations on how I can solve my issues without changing the openssl code and add this manually?

I'm not sure OpenSSL can do exactly what you want: 1.0.2 has an option to
return the raw ciphersuite list sent by the client. The s_server utility
will print this out if you set the -brief option. Ciphersuites OpenSSL
doesn't recognise are then printed out in hex form.

For example a recent version of Chrome shows:


The three hex values correspond to:

   TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = {0xcc, 0x13}
   TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
   TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =     {0xcc, 0x15}

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list