On Wed, Nov 04, 2015 at 03:53:27PM -0800, Steve Topletz wrote: > I find that I'm missing many ciphers when I interrogate my openssl service. > > Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443 > -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl > ciphers -V TLSv1.2'. > > How do I get the rest of these ciphers enabled? Only ciphers found in the "DEFAULT" cipherlist that are compatible with your server certificate algorithm will be enabled in your server. For example, if you only configured an RSA certificate, you won't be using ECDSA, DSA, kECDH, kDH, PSK or SRP ciphers. Nor eNULL or aNULL ciphers... So you should not expect to see many ciphers, and this is typically for the best. -- Viktor.
