[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?

Sam Roberts vieuxtech at gmail.com
Mon Jan 14 19:03:55 UTC 2019


On Mon, Jan 14, 2019 at 5:18 AM Yann Ylavic <ylavic.dev at gmail.com> wrote:
> I suppose one can always, e.g.:
>
> $ openssl ciphers -v |grep TLSv1.3 |awk '{print $1}' # or whatever filtering
>
> to not depend on this "accident", right?

No, `ciphers` gives you the TLS cipher suites that are enabled, it
doesn't give all.

As you saw with both of your `ciphers` commands, they are printing the
3 TLS1.3 cipher suites that are enabled by default, but OpenSSL
supports 5 TLS1.3 cipher suites, two are missing from the output.

Cheers,
Sam


More information about the openssl-users mailing list