[openssl-users] Missing ciphers

Matt Caswell matt at openssl.org
Thu Nov 5 00:04:05 UTC 2015

On 04/11/15 23:53, Steve Topletz wrote:
> I find that I'm missing many ciphers when I interrogate my openssl service.
> Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443 -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl ciphers -V TLSv1.2'.
> How do I get the rest of these ciphers enabled?

The ciphers available are a combination of your cipher string (in this
case "TLSv1.2") and the rest of your configuration. If you only supply
an RSA cert then you won't get any ciphersuites that require DSS, ECDSA,
DH or ECDH certificates. You can supply more than one certificate type
if you wish (see -dcert and -dkey). Also if you don't set a pre shared
key (-psk option) then you won't get any PSK ciphersuites.


More information about the openssl-users mailing list