[openssl-users] cipher suites

Viktor Dukhovni openssl-users at dukhovni.org
Fri Oct 26 22:47:27 UTC 2018

You don't have to call either.  Both have sensible defaults.
Especially, with TLS 1.3, there is generally little reason
to choose non-default ciphers.

> On Oct 26, 2018, at 6:12 PM, Skip Carter <skip at taygeta.com> wrote:
> If my application will support both TLSv1.2 and TLSv1.3 connections to
> it (depending who is connecting), do I have to call both
> SSL_CTX_set_ciphersuites() and SSL_CTX_set_cipher_list() when setting
> up my context?

If you're doing something unusual, or provide a configurable interface
with optional overrides of the ciphers to the application users, you
can customize either or both lists.


More information about the openssl-users mailing list