Listing TLS 1.3 Ciphers
Matt Caswell
matt at openssl.org
Wed Apr 10 16:24:09 UTC 2019
On 10/04/2019 17:13, Dennis Clarke wrote:
> On 4/10/19 7:37 AM, Richard Moore wrote:
>> Hi All,
>>
>> I haven't found a way to list the supported openssl ciphers from the command
>> line (i.e. get the list of potential values for -ciphersuites). I understand
>> that currently there are only 5 options however this could change over time,
>> so I wanted to avoid hard coding the list in a script. Am I missing something?
>>
>> Thanks
>>
>> Rich
>
> Strangely I only see three :
>
> nix$ openssl version
> OpenSSL 1.1.1b 26 Feb 2019
> nix$ openssl ciphers -V -tls1_3 -s
> 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any
> Enc=AESGCM(256) Mac=AEAD
> 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
> Enc=CHACHA20/POLY1305(256) Mac=AEAD
> 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any
> Enc=AESGCM(128) Mac=AEAD
> nix$
>
> Very odd. I thought that there were more at one point.
>
There are 5 but only 3 are enabled by default. I'm not sure it is possible to
get "openssl ciphers" to list all of the ones it knows about. You have to
explicitly list them in the "-ciphersuites" option. Probably we should add that
capability.
Matt
More information about the openssl-users
mailing list