[openssl-users] is there an API to list all the TLS 1.3 cipher suite names?
bkaduk at akamai.com
Fri Jan 18 18:01:07 UTC 2019
On Fri, Jan 18, 2019 at 01:33:20AM +0000, Jordan Brown wrote:
> On 1/14/2019 4:09 AM, Matt Caswell wrote:
> > This works more "by accident". There is no ciphersuite alias called
> > "TLSv1.3", so using it as above results in no ciphersuites matched.
> > Since the TLSv1.3 ciphersuites are on by default anyway that's all
> > that you get back.
> From what you say, and based on experimentation, it seems like the
> TLSv1.3 ciphersuites are enabled even if you explicitly say to disable them.
> $ openssl ciphers SHA384:\!TLS_AES_256_GCM_SHA384
> $ openssl ciphers AES:-SHA384
> That doesn't seem right. Am I missing something?
Presumably. The TLS 1.3 ciphersuites are entirely separate from the traditional
Sets the list of TLSv1.3 ciphersuites. This list will be combined with
any TLSv1.2 and below ciphersuites that have been configured. The format
for this list is a simple colon (":") separated list of TLSv1.3
ciphersuite names. By default this value is:
More information about the openssl-users