On 10/04/2019 17:13, Dennis Clarke wrote: > On 4/10/19 7:37 AM, Richard Moore wrote: >> Hi All, >> >> I haven't found a way to list the supported openssl ciphers from the command >> line (i.e. get the list of potential values for -ciphersuites). I understand >> that currently there are only 5 options however this could change over time, >> so I wanted to avoid hard coding the list in a script. Am I missing something? >> >> Thanks >> >> Rich > > Strangely I only see three : > > nix$ openssl version > OpenSSL 1.1.1b 26 Feb 2019 > nix$ openssl ciphers -V -tls1_3 -s > 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any > Enc=AESGCM(256) Mac=AEAD > 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any > Enc=CHACHA20/POLY1305(256) Mac=AEAD > 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any > Enc=AESGCM(128) Mac=AEAD > nix$ > > Very odd. I thought that there were more at one point. > There are 5 but only 3 are enabled by default. I'm not sure it is possible to get "openssl ciphers" to list all of the ones it knows about. You have to explicitly list them in the "-ciphersuites" option. Probably we should add that capability. Matt