Listing TLS 1.3 Ciphers
bkaduk at akamai.com
Wed Apr 10 16:25:09 UTC 2019
On Wed, Apr 10, 2019 at 12:13:27PM -0400, Dennis Clarke wrote:
> On 4/10/19 7:37 AM, Richard Moore wrote:
> >Hi All,
> >I haven't found a way to list the supported openssl ciphers from the
> >command line (i.e. get the list of potential values for -ciphersuites). I
> >understand that currently there are only 5 options however this could
> >change over time, so I wanted to avoid hard coding the list in a script.
> >Am I missing something?
> Strangely I only see three :
> nix$ openssl version
> OpenSSL 1.1.1b 26 Feb 2019
> nix$ openssl ciphers -V -tls1_3 -s
> 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any
> Enc=AESGCM(256) Mac=AEAD
> 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
> Enc=CHACHA20/POLY1305(256) Mac=AEAD
> 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any
> Enc=AESGCM(128) Mac=AEAD
> Very odd. I thought that there were more at one point.
The ones with truncated (8-byte) authentication tag are not intended for
general use and don't make it into the default list.
More information about the openssl-users