On 05/11/15 00:01, Viktor Dukhovni wrote: > On Wed, Nov 04, 2015 at 03:53:27PM -0800, Steve Topletz wrote: > >> I find that I'm missing many ciphers when I interrogate my openssl service. >> >> Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443 >> -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl >> ciphers -V TLSv1.2'. >> >> How do I get the rest of these ciphers enabled? > > Only ciphers found in the "DEFAULT" cipherlist that are compatible > with your server certificate algorithm will be enabled in your > server. Note that in this case an explicit cipher string of TLSv1.2 has been set. This *includes* some ciphersuites that are not in DEFAULT, e.g. some eNULL based ciphersuites Matt
