This makes total sense, thanks! Ultimately I want to enable as many ciphers as possible as this machine is being used to test a new TLS forensic tool, so the server security isn't an issue to consider in configuration. ST > On Nov 4, 2015, at 4:01 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote: > >> On Wed, Nov 04, 2015 at 03:53:27PM -0800, Steve Topletz wrote: >> >> I find that I'm missing many ciphers when I interrogate my openssl service. >> >> Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443 >> -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl >> ciphers -V TLSv1.2'. >> >> How do I get the rest of these ciphers enabled? > > Only ciphers found in the "DEFAULT" cipherlist that are compatible > with your server certificate algorithm will be enabled in your > server. > > For example, if you only configured an RSA certificate, you won't > be using ECDSA, DSA, kECDH, kDH, PSK or SRP ciphers. Nor eNULL or > aNULL ciphers... > > So you should not expect to see many ciphers, and this is typically > for the best. > > -- > Viktor. > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
