[openssl-users] Supported cipher suites

Michael Wojcik Michael.Wojcik at microfocus.com
Thu Nov 16 13:28:09 UTC 2017

> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Grace Priscilla Jero
> Sent: Wednesday, November 15, 2017 09:42
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] Supported cipher suites

> Some of them that we tried does not work. Is there any additional criteria for it to work.
> I read about some PSK ciphers which I am not sure depends on something else.

PSK stands for "Pre-Shared Key", because the PSK suites require sharing a key before you can use them.

Trying to test suites without knowing what they are is a bad idea. Why are you trying to do that? Would you operate a machine without knowing what it does?

If you really want to test *all* the supported suites, I would suggest you first acquire an in-depth knowlege of TLS, perhaps by reading the books by Eric Rescorla and Ivan Ristic; then read through the specifications for each of the suites you want to test; study background material on the algorithms and protocols they use as necessary. Then familiarize yourself with the relevant parts of OpenSSL by reading the OpenSSL documentation and wiki. Then you'll be in a good position to try all the suites. You'll also know more about TLS than all but a handful of people, which ought to be good for your career prospects.

The downside is that it would likely take months of intense study, even for a fast learner with the requisite technical background. So perhaps a better option is not trying to test the obscure suites.

Michael Wojcik 
Distinguished Engineer, Micro Focus 

More information about the openssl-users mailing list