[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?

Jordan Brown openssl at jordan.maileater.net
Wed Jan 9 17:42:17 UTC 2019

On 1/8/2019 8:21 PM, Viktor Dukhovni wrote:
> How do you plan to offer a built-in menu of algorithms that have not
> yet been added to OpenSSL?

I'm a bit confused as to why we would need to - if the underlying
OpenSSL doesn't support a particular algorithm, then there's no need to
disable it.

The ideal would be that we ask OpenSSL what algorithms (and protocol
versions) it supports, and we export that list to the user.  However,
practically we've found that we couldn't do that even with TLS1.2,
because (a) "openssl ciphers" (and the underlying APIs) report PSK-* and
other algorithms we don't intend to support, and (b) the underlying
OpenSSL includes support for algorithms that our security policies don't
allow us to support.  Also, there's the question of whether a particular
algorithm or protocol version is supported but disabled by default, or
enabled by default.  For instance, today we support TLS 1.0, 1.1, and
1.2, but 1.0 is disabled by default.  That's a policy question that
OpenSSL can't help us with.

> And if users are better off leaving the list alone, why encourage that
> with a fancy UI? 

That's a good question, but at the same time we have a high-level UI
policy that we don't offer "non-fancy" UIs.

>> However, as I think about it, I remember that we already need a
>> softcoded list of algorithms, to avoid offering (e.g.) the PSK
>> algorithms.
> In TLS 1.3, the handshake parameters are configured separately from
> the cipherlist.  The use of (non-resumption) PSKs requires callbacks,
> so they're never enabled out of the box.
>> It sounds like TLS 1.3 will need the same.
> Actually, it won't, nor did earlier versions, the ciphers were
> listed by "openssl ciphers -v", but they can't get activated without
> application support.

Right... we found that when we blindly asked for the cipher list, it
included ciphers that weren't actually operable because we didn't have
the associated application support.  We had hoped to be able to use
relatively simple rules to determine the list of allowable ciphers, but
then found that we needed much more complex rules than were desirable.

Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190109/f6e98ac5/attachment.html>

More information about the openssl-users mailing list