On 04/11/15 23:53, Steve Topletz wrote: > I find that I'm missing many ciphers when I interrogate my openssl service. > > Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443 -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl ciphers -V TLSv1.2'. > > How do I get the rest of these ciphers enabled? The ciphers available are a combination of your cipher string (in this case "TLSv1.2") and the rest of your configuration. If you only supply an RSA cert then you won't get any ciphersuites that require DSS, ECDSA, DH or ECDH certificates. You can supply more than one certificate type if you wish (see -dcert and -dkey). Also if you don't set a pre shared key (-psk option) then you won't get any PSK ciphersuites. Matt
