diff options
Diffstat (limited to 'deps/openssl/openssl/doc/man1/ciphers.pod')
| -rw-r--r-- | deps/openssl/openssl/doc/man1/ciphers.pod | 776 |
1 files changed, 776 insertions, 0 deletions
diff --git a/deps/openssl/openssl/doc/man1/ciphers.pod b/deps/openssl/openssl/doc/man1/ciphers.pod new file mode 100644 index 0000000000..3aea982384 --- /dev/null +++ b/deps/openssl/openssl/doc/man1/ciphers.pod @@ -0,0 +1,776 @@ +=pod + +=head1 NAME + +openssl-ciphers, +ciphers - SSL cipher display and cipher list tool + +=head1 SYNOPSIS + +B<openssl> B<ciphers> +[B<-help>] +[B<-s>] +[B<-v>] +[B<-V>] +[B<-ssl3>] +[B<-tls1>] +[B<-tls1_1>] +[B<-tls1_2>] +[B<-tls1_3>] +[B<-s>] +[B<-psk>] +[B<-srp>] +[B<-stdname>] +[B<-convert name>] +[B<-ciphersuites val>] +[B<cipherlist>] + +=head1 DESCRIPTION + +The B<ciphers> command converts textual OpenSSL cipher lists into ordered +SSL cipher preference lists. It can be used as a test tool to determine +the appropriate cipherlist. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Print a usage message. + +=item B<-s> + +Only list supported ciphers: those consistent with the security level, and +minimum and maximum protocol version. This is closer to the actual cipher list +an application will support. + +PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp> +to enable them. + +It also does not change the default list of supported signature algorithms. + +On a server the list of supported ciphers might also exclude other ciphers +depending on the configured certificates and presence of DH parameters. + +If this option is not used then all ciphers that match the cipherlist will be +listed. + +=item B<-psk> + +When combined with B<-s> includes cipher suites which require PSK. + +=item B<-srp> + +When combined with B<-s> includes cipher suites which require SRP. + +=item B<-v> + +Verbose output: For each cipher suite, list details as provided by +L<SSL_CIPHER_description(3)>. + +=item B<-V> + +Like B<-v>, but include the official cipher suite values in hex. + +=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> + +In combination with the B<-s> option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. + +=item B<-stdname> + +Precede each cipher suite by its standard name. + +=item B<-convert name> + +Convert a standard cipher B<name> to its OpenSSL name. + +=item B<-ciphersuites val> + +Sets the list of TLSv1.3 ciphersuites. This list will be combined with any +TLSv1.2 and below ciphersuites that have been configured. The format for this +list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By +default this value is: + + TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 + +=item B<cipherlist> + +A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher +preference list. This list will be combined with any TLSv1.3 ciphersuites that +have been configured. If it is not included then the default cipher list will be +used. The format is described below. + +=back + +=head1 CIPHER LIST FORMAT + +The cipher list consists of one or more I<cipher strings> separated by colons. +Commas or spaces are also acceptable separators but colons are normally used. + +The actual cipher string can take several different forms. + +It can consist of a single cipher suite such as B<RC4-SHA>. + +It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example B<SHA1> represents all ciphers +suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3 +algorithms. + +Lists of cipher suites can be combined in a single cipher string using the +B<+> character. This is used as a logical B<and> operation. For example +B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES +algorithms. + +Each cipher string can be optionally preceded by the characters B<!>, +B<-> or B<+>. + +If B<!> is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated. + +If B<-> is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options. + +If B<+> is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones. + +If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list. + +The cipher string B<@STRENGTH> can be used at any point to sort the current +cipher list in order of encryption algorithm key length. + +The cipher string B<@SECLEVEL=n> can be used at any point to set the security +level to B<n>, which should be a number between zero and five, inclusive. +See L<SSL_CTX_set_security_level> for a description of what each level means. + +The cipher list can be prefixed with the B<DEFAULT> keyword, which enables +the default cipher list as defined below. Unlike cipher strings, +this prefix may not be combined with other strings using B<+> character. +For example, B<DEFAULT+DES> is not valid. + +The content of the default list is determined at compile time and normally +corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. + +=head1 CIPHER STRINGS + +The following is a list of all permitted cipher strings and their meanings. + +=over 4 + +=item B<COMPLEMENTOFDEFAULT> + +The ciphers included in B<ALL>, but not enabled by default. Currently +this includes all RC4 and anonymous ciphers. Note that this rule does +not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if +necessary). Note that RC4 based cipher suites are not built into OpenSSL by +default (see the enable-weak-ssl-ciphers option to Configure). + +=item B<ALL> + +All cipher suites except the B<eNULL> ciphers (which must be explicitly enabled +if needed). +As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default. + +=item B<COMPLEMENTOFALL> + +The cipher suites not enabled by B<ALL>, currently B<eNULL>. + +=item B<HIGH> + +"High" encryption cipher suites. This currently means those with key lengths +larger than 128 bits, and some cipher suites with 128-bit keys. + +=item B<MEDIUM> + +"Medium" encryption cipher suites, currently some of those using 128 bit +encryption. + +=item B<LOW> + +"Low" encryption cipher suites, currently those using 64 or 56 bit +encryption algorithms but excluding export cipher suites. All these +cipher suites have been removed as of OpenSSL 1.1.0. + +=item B<eNULL>, B<NULL> + +The "NULL" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are not enabled via either the +B<DEFAULT> or B<ALL> cipher strings. +Be careful when building cipherlists out of lower-level primitives such as +B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers. When in +doubt, include B<!eNULL> in your cipherlist. + +=item B<aNULL> + +The cipher suites offering no authentication. This is currently the anonymous +DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable +to "man in the middle" attacks and so their use is discouraged. +These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL> +ciphers. +Be careful when building cipherlists out of lower-level primitives such as +B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers. +When in doubt, include B<!aNULL> in your cipherlist. + +=item B<kRSA>, B<aRSA>, B<RSA> + +Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for +B<kRSA>. + +=item B<kDHr>, B<kDHd>, B<kDH> + +Cipher suites using static DH key agreement and DH certificates signed by CAs +with RSA and DSS keys or either respectively. +All these cipher suites have been removed in OpenSSL 1.1.0. + +=item B<kDHE>, B<kEDH>, B<DH> + +Cipher suites using ephemeral DH key agreement, including anonymous cipher +suites. + +=item B<DHE>, B<EDH> + +Cipher suites using authenticated ephemeral DH key agreement. + +=item B<ADH> + +Anonymous DH cipher suites, note that this does not include anonymous Elliptic +Curve DH (ECDH) cipher suites. + +=item B<kEECDH>, B<kECDHE>, B<ECDH> + +Cipher suites using ephemeral ECDH key agreement, including anonymous +cipher suites. + +=item B<ECDHE>, B<EECDH> + +Cipher suites using authenticated ephemeral ECDH key agreement. + +=item B<AECDH> + +Anonymous Elliptic Curve Diffie-Hellman cipher suites. + +=item B<aDSS>, B<DSS> + +Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. + +=item B<aDH> + +Cipher suites effectively using DH authentication, i.e. the certificates carry +DH keys. +All these cipher suites have been removed in OpenSSL 1.1.0. + +=item B<aECDSA>, B<ECDSA> + +Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA +keys. + +=item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3> + +Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or +SSL v3.0 respectively. +Note: there are no cipher suites specific to TLS v1.1. +Since this is only the minimum version, if, for example, TLSv1.0 is negotiated +then both TLSv1.0 and SSLv3.0 cipher suites are available. + +Note: these cipher strings B<do not> change the negotiated version of SSL or +TLS, they only affect the list of available cipher suites. + +=item B<AES128>, B<AES256>, B<AES> + +cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES. + +=item B<AESGCM> + +AES in Galois Counter Mode (GCM): these cipher suites are only supported +in TLS v1.2. + +=item B<AESCCM>, B<AESCCM8> + +AES in Cipher Block Chaining - Message Authentication Mode (CCM): these +cipher suites are only supported in TLS v1.2. B<AESCCM> references CCM +cipher suites using both 16 and 8 octet Integrity Check Value (ICV) +while B<AESCCM8> only references 8 octet ICV. + +=item B<ARIA128>, B<ARIA256>, B<ARIA> + +Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit +ARIA. + +=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA> + +Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit +CAMELLIA. + +=item B<CHACHA20> + +Cipher suites using ChaCha20. + +=item B<3DES> + +Cipher suites using triple DES. + +=item B<DES> + +Cipher suites using DES (not triple DES). +All these cipher suites have been removed in OpenSSL 1.1.0. + +=item B<RC4> + +Cipher suites using RC4. + +=item B<RC2> + +Cipher suites using RC2. + +=item B<IDEA> + +Cipher suites using IDEA. + +=item B<SEED> + +Cipher suites using SEED. + +=item B<MD5> + +Cipher suites using MD5. + +=item B<SHA1>, B<SHA> + +Cipher suites using SHA1. + +=item B<SHA256>, B<SHA384> + +Cipher suites using SHA256 or SHA384. + +=item B<aGOST> + +Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +(needs an engine supporting GOST algorithms). + +=item B<aGOST01> + +Cipher suites using GOST R 34.10-2001 authentication. + +=item B<kGOST> + +Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. + +=item B<GOST94> + +Cipher suites, using HMAC based on GOST R 34.11-94. + +=item B<GOST89MAC> + +Cipher suites using GOST 28147-89 MAC B<instead of> HMAC. + +=item B<PSK> + +All cipher suites using pre-shared keys (PSK). + +=item B<kPSK>, B<kECDHEPSK>, B<kDHEPSK>, B<kRSAPSK> + +Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK. + +=item B<aPSK> + +Cipher suites using PSK authentication (currently all PSK modes apart from +RSA_PSK). + +=item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192> + +Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. +If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. +Setting Suite B mode has additional consequences required to comply with +RFC6460. +In particular the supported signature algorithms is reduced to support only +ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be +used and only the two suite B compliant cipher suites +(ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are +permissible. + +=back + +=head1 CIPHER SUITE NAMES + +The following lists give the SSL or TLS cipher suites names from the +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. + +=head2 SSL v3.0 cipher suites + + SSL_RSA_WITH_NULL_MD5 NULL-MD5 + SSL_RSA_WITH_NULL_SHA NULL-SHA + SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 + SSL_RSA_WITH_RC4_128_SHA RC4-SHA + SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + + SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA + SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA + + SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA + + SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. + SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. + SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. + +=head2 TLS v1.0 cipher suites + + TLS_RSA_WITH_NULL_MD5 NULL-MD5 + TLS_RSA_WITH_NULL_SHA NULL-SHA + TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 + TLS_RSA_WITH_RC4_128_SHA RC4-SHA + TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + + TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. + TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA + + TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA + +=head2 AES cipher suites from RFC3268, extending TLS v1.0 + + TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA + TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA + + TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA + TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA + TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA + TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA + + TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA + TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA + TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA + TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA + + TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA + TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA + +=head2 Camellia cipher suites from RFC4132, extending TLS v1.0 + + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA + + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + +=head2 SEED cipher suites from RFC4162, extending TLS v1.0 + + TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA + + TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA + TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA + + TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA + TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + + TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA + +=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0 + +Note: these ciphers require an engine which including GOST cryptographic +algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution. + + TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + +=head2 Additional Export 1024 and other cipher suites + +Note: these ciphers can also be used in SSL v3. + + TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA + +=head2 Elliptic curve cipher suites. + + TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA + TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + + TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + + TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA + TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + +=head2 TLS v1.2 cipher suites + + TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 + + TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 + TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 + TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 + + TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256 + TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256 + TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256 + TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384 + + TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256 + TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256 + TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256 + TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384 + + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 + + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 + + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + + TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 + TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 + TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 + + RSA_WITH_AES_128_CCM AES128-CCM + RSA_WITH_AES_256_CCM AES256-CCM + DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM + DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM + RSA_WITH_AES_128_CCM_8 AES128-CCM8 + RSA_WITH_AES_256_CCM_8 AES256-CCM8 + DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 + DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 + ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + +=head2 ARIA cipher suites from RFC6209, extending TLS v1.2 + +Note: the CBC modes mentioned in this RFC are not supported. + + TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + +=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2 + + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + +=head2 Pre-shared keying (PSK) cipher suites + + PSK_WITH_NULL_SHA PSK-NULL-SHA + DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA + RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA + + PSK_WITH_RC4_128_SHA PSK-RC4-SHA + PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA + PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + + DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA + DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA + DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + + RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA + RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA + RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + + PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + + PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + PSK_WITH_NULL_SHA256 PSK-NULL-SHA256 + PSK_WITH_NULL_SHA384 PSK-NULL-SHA384 + DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256 + DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384 + RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256 + RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384 + PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + + ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA + ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA + ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 + ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 + + PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256 + PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384 + + DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256 + DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384 + + RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256 + RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384 + + ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + + PSK_WITH_AES_128_CCM PSK-AES128-CCM + PSK_WITH_AES_256_CCM PSK-AES256-CCM + DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + +=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 + + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + +=head2 TLS v1.3 cipher suites + + TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256 + TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384 + TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256 + TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 + TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 + +=head2 Older names used by OpenSSL + +The following names are accepted by older releases: + + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA) + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA) + +=head1 NOTES + +Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time. + +=head1 EXAMPLES + +Verbose listing of all OpenSSL ciphers including NULL ciphers: + + openssl ciphers -v 'ALL:eNULL' + +Include all ciphers except NULL and anonymous DH then sort by +strength: + + openssl ciphers -v 'ALL:!ADH:@STRENGTH' + +Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL): + + openssl ciphers -v 'ALL:!aNULL' + +Include only 3DES ciphers and then place RSA ciphers last: + + openssl ciphers -v '3DES:+RSA' + +Include all RC4 ciphers but leave out those without authentication: + + openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' + +Include all ciphers with RSA authentication but leave out ciphers without +encryption. + + openssl ciphers -v 'RSA:!COMPLEMENTOFALL' + +Set security level to 2 and display all ciphers consistent with level 2: + + openssl ciphers -s -v 'ALL:@SECLEVEL=2' + +=head1 SEE ALSO + +L<s_client(1)>, L<s_server(1)>, L<ssl(7)> + +=head1 HISTORY + +The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0. + +The B<-stdname> is only available if OpenSSL is built with tracing enabled +(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1. + +The B<-convert> was added in OpenSSL 1.1.1. + +=head1 COPYRIGHT + +Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut |