[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?
Jordan Brown
openssl at jordan.maileater.net
Fri Jan 18 01:33:20 UTC 2019
On 1/14/2019 4:09 AM, Matt Caswell wrote:
> This works more "by accident". There is no ciphersuite alias called
> "TLSv1.3", so using it as above results in no ciphersuites matched.
> Since the TLSv1.3 ciphersuites are on by default anyway that's all
> that you get back.
From what you say, and based on experimentation, it seems like the
TLSv1.3 ciphersuites are enabled even if you explicitly say to disable them.
$ openssl ciphers SHA384:\!TLS_AES_256_GCM_SHA384
*TLS_AES_256_GCM_SHA384*:TLS_CHACHA20_POLY1305_SHA256:[...]
$ openssl ciphers AES:-SHA384
*TLS_AES_256_GCM_SHA384*:TLS_CHACHA20_POLY1305_SHA256:[...]
That doesn't seem right. Am I missing something?
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
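
Added example, not part of the original message: a shell sketch that splits the `openssl ciphers -v` output by protocol column to show which part of the result the cipher string controls. It assumes an OpenSSL 1.1.1 or later command-line tool, where TLSv1.3 suites are configured through the separate -ciphersuites option; the function names are hypothetical.

```shell
#!/bin/sh
# `openssl ciphers -v` prints one suite per line with the protocol version
# in column 2, which lets us separate TLSv1.3 suites from older ones.

# TLSv1.3 suites still enabled for the given `openssl ciphers` arguments.
tls13_suites() {
    openssl ciphers -v "$@" | awk '$2 == "TLSv1.3" { print $1 }' | paste -sd: -
}

# TLSv1.2-and-below suites selected by the same arguments.
legacy_suites() {
    openssl ciphers -v "$@" | awk '$2 != "TLSv1.3" { print $1 }' | paste -sd: -
}

# 1. Cipher string from the message: the -SHA384 rule is applied only to
#    the pre-TLSv1.3 list, so TLS_AES_256_GCM_SHA384 is still reported.
echo "cipher string only : $(tls13_suites 'AES:-SHA384')"

# 2. The TLSv1.3 list is set on its own with -ciphersuites; naming a single
#    suite there removes the others, and the legacy list is unchanged.
echo "with -ciphersuites : $(tls13_suites -ciphersuites TLS_CHACHA20_POLY1305_SHA256 'AES:-SHA384')"
echo "legacy suites      : $(legacy_suites 'AES:-SHA384')"
```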