[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?
matt at openssl.org
Mon Jan 14 12:09:26 UTC 2019
On 13/01/2019 21:11, Yann Ylavic wrote:
> On Tue, Jan 8, 2019 at 11:24 PM Sam Roberts <vieuxtech at gmail.com> wrote:
>> node.js has an API that lists all the cipher suite names that can be
>> validly passed to set_cipher_list(), but I don't see how to get them
>> for TLS1.3 to list the valid inputs to set_cipher_suites().
> FWIW, the below works for me:
> $ openssl ciphers -v TLSv1.3
> TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any
> Enc=CHACHA20/POLY1305(256) Mac=AEAD
> TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
This works more "by accident". There is no ciphersuite alias called "TLSv1.3",
so using it as above results in no ciphersuites matched. Since the TLSv1.3
ciphersuites are on by default anyway that's all that you get back.
More information about the openssl-users