[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?

Matt Caswell matt at openssl.org
Mon Jan 14 12:09:26 UTC 2019

On 13/01/2019 21:11, Yann Ylavic wrote:
> On Tue, Jan 8, 2019 at 11:24 PM Sam Roberts <vieuxtech at gmail.com> wrote:
>> node.js has an API that lists all the cipher suite names that can be
>> validly passed to set_cipher_list(), but I don't see how to get them
>> for TLS1.3 to list the valid inputs to set_cipher_suites().
> FWIW, the below works for me:
> $ openssl ciphers -v TLSv1.3
> TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any
> Enc=CHACHA20/POLY1305(256) Mac=AEAD
> TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD

This works more "by accident". There is no ciphersuite alias called "TLSv1.3",
so using it as above results in no ciphersuites matched. Since the TLSv1.3
ciphersuites are on by default anyway that's all that you get back.


More information about the openssl-users mailing list