[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?

Viktor Dukhovni openssl-users at dukhovni.org
Mon Jan 14 20:31:36 UTC 2019

On Mon, Jan 14, 2019 at 02:18:18PM +0100, Yann Ylavic wrote:

> I suppose one can always, e.g.:
> $ openssl ciphers -v |grep TLSv1.3 |awk '{print $1}' # or whatever filtering
> to not depend on this "accident", right?

The correct form would be:

    $ /usr/local/bin/openssl ciphers -s tls1_3 | tr ':' '\n'

This shows which ciphers are applicable to TLS 1.3.  If TLS 1.4 ever
appears, and supports both TLS 1.3 and TLS 1.4 ciphers, then:

    $ /usr/local/bin/openssl ciphers -s tls1_4 | tr ':' '\n'

would show both, as both would be applicable.


More information about the openssl-users mailing list