[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Jan 14 20:31:36 UTC 2019
On Mon, Jan 14, 2019 at 02:18:18PM +0100, Yann Ylavic wrote:
> I suppose one can always, e.g.:
>
> $ openssl ciphers -v |grep TLSv1.3 |awk '{print $1}' # or whatever filtering
>
> to not depend on this "accident", right?
The correct form would be:
$ /usr/local/bin/openssl ciphers -s tls1_3 | tr ':' '\n'
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
This shows which ciphers are applicable to TLS 1.3. If TLS 1.4 ever
appears, and supports both TLS 1.3 and TLS 1.4 ciphers, then:
$ /usr/local/bin/openssl ciphers -s tls1_4 | tr ':' '\n'
would show both, as both would be applicable.
--
Viktor.
More information about the openssl-users
mailing list