[openssl-users] Supported cipher suites

Viktor Dukhovni openssl-users at dukhovni.org
Thu Nov 16 07:00:04 UTC 2017

> On Nov 16, 2017, at 1:51 AM, Grace Priscilla Jero <grace.priscilla at gmail.com> wrote:
> How to check the default ciphers? We are not setting any ciphers in our code.

What specifically are you looking for?

The cipherlist sent to the server depends in part on which protocols
are enabled in the client, and as of OpenSSL 1.1.0 also on the "security
level" (default 1).  PSK and SRP ciphers require an application callback
to provide shared secrets and so are not used in most applications.

The "openssl ciphers" command (see the manpage) lists the ciphers that
match either the DEFAULT or some explicit cipher string.  With OpenSSL
1.1.0 you can specify a TLS protocol versions and see only the ciphers
compatible with that protocol version.

In the upcoming TLS 1.3 the ciphers are completely different from
previous versions, and configuration via cipher strings was not
implemented last I looked.  This may have changed...


More information about the openssl-users mailing list