Listing TLS 1.3 Ciphers
Matt Caswell
matt at openssl.org
Thu Apr 11 08:37:45 UTC 2019
On 10/04/2019 22:06, Richard Moore wrote:
> They also don't appear if you explicitly try to list 'All' which is what I found
> surprising.
"ALL" is a TLSv1.2 cipherstring and has no impact on the TLSv1.3 ciphersuite
selection. The two sets of ciphersuites are configured separately.
On 11/04/2019 00:06, Michael Richardson wrote:
> I think that those are the ones that constrained devices prefer,
> such as ECDHE-ECDSA-AES128-CCM8?
> So is there a way to validate that they are available, that there were
> compiled in?
You can get "openssl ciphers" to show them if you explicitly ask for them, i.e.
$ openssl ciphers -v -ciphersuites
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256"
| grep "TLSv1.3"
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
TLS_AES_128_CCM_8_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM8(128) Mac=AEAD
Matt
More information about the openssl-users
mailing list