On Wed, Apr 10, 2019 at 12:13:27PM -0400, Dennis Clarke wrote: > On 4/10/19 7:37 AM, Richard Moore wrote: > >Hi All, > > > >I haven't found a way to list the supported openssl ciphers from the > >command line (i.e. get the list of potential values for -ciphersuites). I > >understand that currently there are only 5 options however this could > >change over time, so I wanted to avoid hard coding the list in a script. > >Am I missing something? > > > >Thanks > > > >Rich > > Strangely I only see three : > > nix$ openssl version > OpenSSL 1.1.1b 26 Feb 2019 > nix$ openssl ciphers -V -tls1_3 -s > 0x13,0x02 - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any > Enc=AESGCM(256) Mac=AEAD > 0x13,0x03 - TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any > Enc=CHACHA20/POLY1305(256) Mac=AEAD > 0x13,0x01 - TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any > Enc=AESGCM(128) Mac=AEAD > nix$ > > Very odd. I thought that there were more at one point. The ones with truncated (8-byte) authentication tag are not intended for general use and don't make it into the default list. -Ben
