Re: Listing TLS 1.3 Ciphers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 10/04/2019 17:13, Dennis Clarke wrote:
> On 4/10/19 7:37 AM, Richard Moore wrote:
>> Hi All,
>>
>> I haven't found a way to list the supported openssl ciphers from the command
>> line (i.e. get the list of potential values for -ciphersuites). I understand
>> that currently there are only 5 options however this could change over time,
>> so I wanted to avoid hard coding the list in a script. Am I missing something?
>>
>> Thanks
>>
>> Rich
> 
> Strangely I only see three :
> 
> nix$ openssl version
> OpenSSL 1.1.1b  26 Feb 2019
> nix$ openssl ciphers -V -tls1_3 -s
>           0x13,0x02 - TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any Au=any 
> Enc=AESGCM(256) Mac=AEAD
>           0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any 
> Enc=CHACHA20/POLY1305(256) Mac=AEAD
>           0x13,0x01 - TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any Au=any 
> Enc=AESGCM(128) Mac=AEAD
> nix$
> 
> Very odd. I thought that there were more at one point.
> 

There are 5 but only 3 are enabled by default. I'm not sure it is possible to
get "openssl ciphers" to list all of the ones it knows about. You have to
explicitly list them in the "-ciphersuites" option. Probably we should add that
capability.

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux