VirtualBox

source: vbox/trunk/src/libs/openssl-1.1.1l/doc/man1/ciphers.pod@ 91772

Last change on this file since 91772 was 91772, checked in by vboxsync, 3 years ago

openssl-1.1.1l: Applied and adjusted our OpenSSL changes to 1.1.1l. bugref:10126

File size: 27.7 KB
Line 
1=pod
2
3=head1 NAME
4
5openssl-ciphers,
6ciphers - SSL cipher display and cipher list tool
7
8=head1 SYNOPSIS
9
10B<openssl> B<ciphers>
11[B<-help>]
12[B<-s>]
13[B<-v>]
14[B<-V>]
15[B<-ssl3>]
16[B<-tls1>]
17[B<-tls1_1>]
18[B<-tls1_2>]
19[B<-tls1_3>]
20[B<-s>]
21[B<-psk>]
22[B<-srp>]
23[B<-stdname>]
24[B<-convert name>]
25[B<-ciphersuites val>]
26[B<cipherlist>]
27
28=head1 DESCRIPTION
29
30The B<ciphers> command converts textual OpenSSL cipher lists into ordered
31SSL cipher preference lists. It can be used as a test tool to determine
32the appropriate cipherlist.
33
34=head1 OPTIONS
35
36=over 4
37
38=item B<-help>
39
40Print a usage message.
41
42=item B<-s>
43
44Only list supported ciphers: those consistent with the security level, and
45minimum and maximum protocol version. This is closer to the actual cipher list
46an application will support.
47
48PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
49to enable them.
50
51It also does not change the default list of supported signature algorithms.
52
53On a server the list of supported ciphers might also exclude other ciphers
54depending on the configured certificates and presence of DH parameters.
55
56If this option is not used then all ciphers that match the cipherlist will be
57listed.
58
59=item B<-psk>
60
61When combined with B<-s> includes cipher suites which require PSK.
62
63=item B<-srp>
64
65When combined with B<-s> includes cipher suites which require SRP.
66
67=item B<-v>
68
69Verbose output: For each cipher suite, list details as provided by
70L<SSL_CIPHER_description(3)>.
71
72=item B<-V>
73
74Like B<-v>, but include the official cipher suite values in hex.
75
76=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3>
77
78In combination with the B<-s> option, list the ciphers which could be used if
79the specified protocol were negotiated.
80Note that not all protocols and flags may be available, depending on how
81OpenSSL was built.
82
83=item B<-stdname>
84
85Precede each cipher suite by its standard name.
86
87=item B<-convert name>
88
89Convert a standard cipher B<name> to its OpenSSL name.
90
91=item B<-ciphersuites val>
92
93Sets the list of TLSv1.3 ciphersuites. This list will be combined with any
94TLSv1.2 and below ciphersuites that have been configured. The format for this
95list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By
96default this value is:
97
98 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
99
100=item B<cipherlist>
101
102A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher
103preference list. This list will be combined with any TLSv1.3 ciphersuites that
104have been configured. If it is not included then the default cipher list will be
105used. The format is described below.
106
107=back
108
109=head1 CIPHER LIST FORMAT
110
111The cipher list consists of one or more I<cipher strings> separated by colons.
112Commas or spaces are also acceptable separators but colons are normally used.
113
114The actual cipher string can take several different forms.
115
116It can consist of a single cipher suite such as B<RC4-SHA>.
117
118It can represent a list of cipher suites containing a certain algorithm, or
119cipher suites of a certain type. For example B<SHA1> represents all ciphers
120suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
121algorithms.
122
123Lists of cipher suites can be combined in a single cipher string using the
124B<+> character. This is used as a logical B<and> operation. For example
125B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
126algorithms.
127
128Each cipher string can be optionally preceded by the characters B<!>,
129B<-> or B<+>.
130
131If B<!> is used then the ciphers are permanently deleted from the list.
132The ciphers deleted can never reappear in the list even if they are
133explicitly stated.
134
135If B<-> is used then the ciphers are deleted from the list, but some or
136all of the ciphers can be added again by later options.
137
138If B<+> is used then the ciphers are moved to the end of the list. This
139option doesn't add any new ciphers it just moves matching existing ones.
140
141If none of these characters is present then the string is just interpreted
142as a list of ciphers to be appended to the current preference list. If the
143list includes any ciphers already present they will be ignored: that is they
144will not moved to the end of the list.
145
146The cipher string B<@STRENGTH> can be used at any point to sort the current
147cipher list in order of encryption algorithm key length.
148
149The cipher string B<@SECLEVEL=n> can be used at any point to set the security
150level to B<n>, which should be a number between zero and five, inclusive.
151See L<SSL_CTX_set_security_level> for a description of what each level means.
152
153The cipher list can be prefixed with the B<DEFAULT> keyword, which enables
154the default cipher list as defined below. Unlike cipher strings,
155this prefix may not be combined with other strings using B<+> character.
156For example, B<DEFAULT+DES> is not valid.
157
158The content of the default list is determined at compile time and normally
159corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
160
161=head1 CIPHER STRINGS
162
163The following is a list of all permitted cipher strings and their meanings.
164
165=over 4
166
167=item B<COMPLEMENTOFDEFAULT>
168
169The ciphers included in B<ALL>, but not enabled by default. Currently
170this includes all RC4 and anonymous ciphers. Note that this rule does
171not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if
172necessary). Note that RC4 based cipher suites are not built into OpenSSL by
173default (see the enable-weak-ssl-ciphers option to Configure).
174
175=item B<ALL>
176
177All cipher suites except the B<eNULL> ciphers (which must be explicitly enabled
178if needed).
179As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
180
181=item B<COMPLEMENTOFALL>
182
183The cipher suites not enabled by B<ALL>, currently B<eNULL>.
184
185=item B<HIGH>
186
187"High" encryption cipher suites. This currently means those with key lengths
188larger than 128 bits, and some cipher suites with 128-bit keys.
189
190=item B<MEDIUM>
191
192"Medium" encryption cipher suites, currently some of those using 128 bit
193encryption.
194
195=item B<LOW>
196
197"Low" encryption cipher suites, currently those using 64 or 56 bit
198encryption algorithms but excluding export cipher suites. All these
199cipher suites have been removed as of OpenSSL 1.1.0.
200
201=item B<eNULL>, B<NULL>
202
203The "NULL" ciphers that is those offering no encryption. Because these offer no
204encryption at all and are a security risk they are not enabled via either the
205B<DEFAULT> or B<ALL> cipher strings.
206Be careful when building cipherlists out of lower-level primitives such as
207B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers. When in
208doubt, include B<!eNULL> in your cipherlist.
209
210=item B<aNULL>
211
212The cipher suites offering no authentication. This is currently the anonymous
213DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
214to "man in the middle" attacks and so their use is discouraged.
215These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
216ciphers.
217Be careful when building cipherlists out of lower-level primitives such as
218B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
219When in doubt, include B<!aNULL> in your cipherlist.
220
221=item B<kRSA>, B<aRSA>, B<RSA>
222
223Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for
224B<kRSA>.
225
226=item B<kDHr>, B<kDHd>, B<kDH>
227
228Cipher suites using static DH key agreement and DH certificates signed by CAs
229with RSA and DSS keys or either respectively.
230All these cipher suites have been removed in OpenSSL 1.1.0.
231
232=item B<kDHE>, B<kEDH>, B<DH>
233
234Cipher suites using ephemeral DH key agreement, including anonymous cipher
235suites.
236
237=item B<DHE>, B<EDH>
238
239Cipher suites using authenticated ephemeral DH key agreement.
240
241=item B<ADH>
242
243Anonymous DH cipher suites, note that this does not include anonymous Elliptic
244Curve DH (ECDH) cipher suites.
245
246=item B<kEECDH>, B<kECDHE>, B<ECDH>
247
248Cipher suites using ephemeral ECDH key agreement, including anonymous
249cipher suites.
250
251=item B<ECDHE>, B<EECDH>
252
253Cipher suites using authenticated ephemeral ECDH key agreement.
254
255=item B<AECDH>
256
257Anonymous Elliptic Curve Diffie-Hellman cipher suites.
258
259=item B<aDSS>, B<DSS>
260
261Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
262
263=item B<aDH>
264
265Cipher suites effectively using DH authentication, i.e. the certificates carry
266DH keys.
267All these cipher suites have been removed in OpenSSL 1.1.0.
268
269=item B<aECDSA>, B<ECDSA>
270
271Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
272keys.
273
274=item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3>
275
276Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or
277SSL v3.0 respectively.
278Note: there are no cipher suites specific to TLS v1.1.
279Since this is only the minimum version, if, for example, TLSv1.0 is negotiated
280then both TLSv1.0 and SSLv3.0 cipher suites are available.
281
282Note: these cipher strings B<do not> change the negotiated version of SSL or
283TLS, they only affect the list of available cipher suites.
284
285=item B<AES128>, B<AES256>, B<AES>
286
287cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
288
289=item B<AESGCM>
290
291AES in Galois Counter Mode (GCM): these cipher suites are only supported
292in TLS v1.2.
293
294=item B<AESCCM>, B<AESCCM8>
295
296AES in Cipher Block Chaining - Message Authentication Mode (CCM): these
297cipher suites are only supported in TLS v1.2. B<AESCCM> references CCM
298cipher suites using both 16 and 8 octet Integrity Check Value (ICV)
299while B<AESCCM8> only references 8 octet ICV.
300
301=item B<ARIA128>, B<ARIA256>, B<ARIA>
302
303Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit
304ARIA.
305
306=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
307
308Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
309CAMELLIA.
310
311=item B<CHACHA20>
312
313Cipher suites using ChaCha20.
314
315=item B<3DES>
316
317Cipher suites using triple DES.
318
319=item B<DES>
320
321Cipher suites using DES (not triple DES).
322All these cipher suites have been removed in OpenSSL 1.1.0.
323
324=item B<RC4>
325
326Cipher suites using RC4.
327
328=item B<RC2>
329
330Cipher suites using RC2.
331
332=item B<IDEA>
333
334Cipher suites using IDEA.
335
336=item B<SEED>
337
338Cipher suites using SEED.
339
340=item B<MD5>
341
342Cipher suites using MD5.
343
344=item B<SHA1>, B<SHA>
345
346Cipher suites using SHA1.
347
348=item B<SHA256>, B<SHA384>
349
350Cipher suites using SHA256 or SHA384.
351
352=item B<aGOST>
353
354Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
355(needs an engine supporting GOST algorithms).
356
357=item B<aGOST01>
358
359Cipher suites using GOST R 34.10-2001 authentication.
360
361=item B<kGOST>
362
363Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
364
365=item B<GOST94>
366
367Cipher suites, using HMAC based on GOST R 34.11-94.
368
369=item B<GOST89MAC>
370
371Cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
372
373=item B<PSK>
374
375All cipher suites using pre-shared keys (PSK).
376
377=item B<kPSK>, B<kECDHEPSK>, B<kDHEPSK>, B<kRSAPSK>
378
379Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.
380
381=item B<aPSK>
382
383Cipher suites using PSK authentication (currently all PSK modes apart from
384RSA_PSK).
385
386=item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192>
387
388Enables suite B mode of operation using 128 (permitting 192 bit mode by peer)
389128 bit (not permitting 192 bit by peer) or 192 bit level of security
390respectively.
391If used these cipherstrings should appear first in the cipher
392list and anything after them is ignored.
393Setting Suite B mode has additional consequences required to comply with
394RFC6460.
395In particular the supported signature algorithms is reduced to support only
396ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be
397used and only the two suite B compliant cipher suites
398(ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are
399permissible.
400
401=back
402
403=head1 CIPHER SUITE NAMES
404
405The following lists give the SSL or TLS cipher suites names from the
406relevant specification and their OpenSSL equivalents. It should be noted,
407that several cipher suite names do not include the authentication used,
408e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
409
410=head2 SSL v3.0 cipher suites
411
412 SSL_RSA_WITH_NULL_MD5 NULL-MD5
413 SSL_RSA_WITH_NULL_SHA NULL-SHA
414 SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
415 SSL_RSA_WITH_RC4_128_SHA RC4-SHA
416 SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
417 SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
418
419 SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
420 SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
421 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
422 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
423
424 SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
425 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
426
427 SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
428 SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
429 SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
430
431=head2 TLS v1.0 cipher suites
432
433 TLS_RSA_WITH_NULL_MD5 NULL-MD5
434 TLS_RSA_WITH_NULL_SHA NULL-SHA
435 TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
436 TLS_RSA_WITH_RC4_128_SHA RC4-SHA
437 TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
438 TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
439
440 TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
441 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
442 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
443 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
444
445 TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
446 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
447
448=head2 AES cipher suites from RFC3268, extending TLS v1.0
449
450 TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
451 TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
452
453 TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA
454 TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA
455 TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA
456 TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA
457
458 TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
459 TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
460 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
461 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
462
463 TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
464 TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
465
466=head2 Camellia cipher suites from RFC4132, extending TLS v1.0
467
468 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA
469 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA
470
471 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA
472 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA
473 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA
474 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA
475
476 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA
477 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA
478 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA
479 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA
480
481 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA
482 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA
483
484=head2 SEED cipher suites from RFC4162, extending TLS v1.0
485
486 TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA
487
488 TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA
489 TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA
490
491 TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA
492 TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA
493
494 TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA
495
496=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0
497
498Note: these ciphers require an engine which including GOST cryptographic
499algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
500
501 TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
502 TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
503 TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
504 TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
505
506=head2 Additional Export 1024 and other cipher suites
507
508Note: these ciphers can also be used in SSL v3.
509
510 TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
511
512=head2 Elliptic curve cipher suites.
513
514 TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA
515 TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA
516 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
517 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
518 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA
519
520 TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA
521 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA
522 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA
523 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA
524 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA
525
526 TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA
527 TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA
528 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA
529 TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA
530 TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA
531
532=head2 TLS v1.2 cipher suites
533
534 TLS_RSA_WITH_NULL_SHA256 NULL-SHA256
535
536 TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256
537 TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256
538 TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256
539 TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384
540
541 TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256
542 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256
543 TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256
544 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384
545
546 TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256
547 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256
548 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256
549 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384
550
551 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256
552 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256
553 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256
554 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384
555
556 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256
557 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256
558 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256
559 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384
560
561 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
562 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
563 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256
564 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384
565
566 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256
567 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
568 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
569 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
570
571 TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256
572 TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256
573 TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256
574 TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384
575
576 RSA_WITH_AES_128_CCM AES128-CCM
577 RSA_WITH_AES_256_CCM AES256-CCM
578 DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM
579 DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM
580 RSA_WITH_AES_128_CCM_8 AES128-CCM8
581 RSA_WITH_AES_256_CCM_8 AES256-CCM8
582 DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8
583 DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8
584 ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM
585 ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM
586 ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8
587 ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8
588
589=head2 ARIA cipher suites from RFC6209, extending TLS v1.2
590
591Note: the CBC modes mentioned in this RFC are not supported.
592
593 TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256
594 TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384
595 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256
596 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384
597 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256
598 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384
599 TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256
600 TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384
601 TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256
602 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384
603 TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256
604 TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384
605 TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256
606 TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384
607 TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256
608 TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384
609
610=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2
611
612 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
613 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
614 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256
615 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384
616
617=head2 Pre-shared keying (PSK) cipher suites
618
619 PSK_WITH_NULL_SHA PSK-NULL-SHA
620 DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA
621 RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA
622
623 PSK_WITH_RC4_128_SHA PSK-RC4-SHA
624 PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
625 PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
626 PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
627
628 DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA
629 DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA
630 DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA
631 DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA
632
633 RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
634 RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA
635 RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA
636 RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA
637
638 PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
639 PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
640 DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256
641 DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384
642 RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256
643 RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384
644
645 PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256
646 PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384
647 PSK_WITH_NULL_SHA256 PSK-NULL-SHA256
648 PSK_WITH_NULL_SHA384 PSK-NULL-SHA384
649 DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256
650 DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384
651 DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256
652 DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384
653 RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256
654 RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384
655 RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256
656 RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384
657 PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
658 PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
659
660 ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA
661 ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA
662 ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA
663 ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA
664 ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256
665 ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384
666 ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA
667 ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256
668 ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384
669
670 PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256
671 PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384
672
673 DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256
674 DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384
675
676 RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256
677 RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384
678
679 ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256
680 ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384
681
682 PSK_WITH_AES_128_CCM PSK-AES128-CCM
683 PSK_WITH_AES_256_CCM PSK-AES256-CCM
684 DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM
685 DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM
686 PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8
687 PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8
688 DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8
689 DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8
690
691=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
692
693 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305
694 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305
695 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305
696 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305
697 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305
698 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
699 TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
700
701=head2 TLS v1.3 cipher suites
702
703 TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256
704 TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384
705 TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256
706 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256
707 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256
708
709=head2 Older names used by OpenSSL
710
711The following names are accepted by older releases:
712
713 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
714 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
715
716=head1 NOTES
717
718Some compiled versions of OpenSSL may not include all the ciphers
719listed here because some ciphers were excluded at compile time.
720
721=head1 EXAMPLES
722
723Verbose listing of all OpenSSL ciphers including NULL ciphers:
724
725 openssl ciphers -v 'ALL:eNULL'
726
727Include all ciphers except NULL and anonymous DH then sort by
728strength:
729
730 openssl ciphers -v 'ALL:!ADH:@STRENGTH'
731
732Include all ciphers except ones with no encryption (eNULL) or no
733authentication (aNULL):
734
735 openssl ciphers -v 'ALL:!aNULL'
736
737Include only 3DES ciphers and then place RSA ciphers last:
738
739 openssl ciphers -v '3DES:+RSA'
740
741Include all RC4 ciphers but leave out those without authentication:
742
743 openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
744
745Include all ciphers with RSA authentication but leave out ciphers without
746encryption.
747
748 openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
749
750Set security level to 2 and display all ciphers consistent with level 2:
751
752 openssl ciphers -s -v 'ALL:@SECLEVEL=2'
753
754=head1 SEE ALSO
755
756L<s_client(1)>, L<s_server(1)>, L<ssl(7)>
757
758=head1 HISTORY
759
760The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
761
762The B<-stdname> is only available if OpenSSL is built with tracing enabled
763(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
764
765The B<-convert> option was added in OpenSSL 1.1.1.
766
767=head1 COPYRIGHT
768
769Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
770
771Licensed under the OpenSSL license (the "License"). You may not use
772this file except in compliance with the License. You can obtain a copy
773in the file LICENSE in the source distribution or at
774L<https://www.openssl.org/source/license.html>.
775
776=cut
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette