> On Nov 16, 2017, at 1:51 AM, Grace Priscilla Jero <grace.priscilla@xxxxxxxxx> wrote: > > How to check the default ciphers? We are not setting any ciphers in our code. What specifically are you looking for? The cipherlist sent to the server depends in part on which protocols are enabled in the client, and as of OpenSSL 1.1.0 also on the "security level" (default 1). PSK and SRP ciphers require an application callback to provide shared secrets and so are not used in most applications. The "openssl ciphers" command (see the manpage) lists the ciphers that match either the DEFAULT or some explicit cipher string. With OpenSSL 1.1.0 you can specify a TLS protocol versions and see only the ciphers compatible with that protocol version. In the upcoming TLS 1.3 the ciphers are completely different from previous versions, and configuration via cipher strings was not implemented last I looked. This may have changed... -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
