[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?
Sam Roberts
vieuxtech at gmail.com
Wed Jan 9 04:19:45 UTC 2019
On Tue, Jan 8, 2019 at 7:10 PM Viktor Dukhovni
<openssl-users at dukhovni.org> wrote:
> On Tue, Jan 08, 2019 at 02:23:27PM -0800, Sam Roberts wrote:
> > node.js has an API that lists all the cipher suite names that can be
> > validly passed to set_cipher_list(), but I don't see how to get them
> > for TLS1.3 to list the valid inputs to set_cipher_suites().
>
> The intent is that you SHOULD NOT generally customize the list.
There are many reasons users might want to customize it, writing unit
tests for example, to ensure that their software interoperates with
clients that only support some of the ciphers. For the same reasons
OpenSSL allows the cipher suite to be customized, Node.js exposes this
capability to its users, along with a recommendation to not do this
casually. The Node.js default will, of course, be the same as OpenSSL
for TLS1.3.
Anyhow, my question isn't about how to call set_cipher_suites(), its
about how to get the list of ciphers supported by OpenSSL for TLS1.3
in such a way that when new ciphers become available, they are
returned.
I realized the link to the API I provided, not that its that relevant,
was to my local dev filesystem, oops! The API is
https://nodejs.org/api/crypto.html#crypto_crypto_getciphers.
More information about the openssl-users
mailing list