You can't do it with keywords. Be explicit about what you want and put it in the order you want. That way you will not be surprised when the expansion of a keyword changes.
>From your list, ECDHE first, then decide RSA/ECDSA. Then AES-GCM. Why do you care about sha384 vs 256? Do you really need camellia-only?
And @STRENGTH is a hack, looking at only one factor.
Here is a real-world example (this ignores some of my advice)
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:AES256-GCM-SHA384:
AES256-SHA256:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richsalz@xxxxxxxxx Twitter: RichSalz
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
