CIPHERS(1)                          OpenSSL                         CIPHERS(1)

NAME

       ciphers - SSL cipher display and cipher list tool.


SYNOPSIS

       openssl ciphers [-v] [-V] [-ssl2] [-ssl3] [-tls1] [cipherlist]


DESCRIPTION

       The ciphers command converts textual OpenSSL cipher lists into ordered
       SSL cipher preference lists. It can be used as a test tool to determine
       the appropriate cipherlist.


COMMAND OPTIONS

       -v  Verbose option. List ciphers with a complete description of
           protocol version (SSLv2 or SSLv3; the latter includes TLS), key
           exchange, authentication, encryption and MAC algorithms used, along
           with any key size restrictions and whether the algorithm is classed
           as an "export" cipher.  Note that without the -v option, ciphers
           may seem to appear twice in a cipher list; this is when similar
           ciphers are available for SSL v2 and for SSL v3/TLS v1.

       -V  Like -v, but include cipher suite codes in the output (hex format).

       -ssl3
           only include SSL v3 ciphers.

       -ssl2
           only include SSL v2 ciphers.

       -tls1
           only include TLS v1 ciphers.

       -h, -?
           print a brief usage message.

       cipherlist
           a cipher list to convert to a cipher preference list. If it is not
           included then the default cipher list will be used. The format is
           described below.


CIPHER LIST FORMAT

       The cipher list consists of one or more cipher strings separated by
       colons.  Commas or spaces are also acceptable separators but colons are
       normally used.

       The actual cipher string can take several different forms.

       It can consist of a single cipher suite such as RC4-SHA.

       It can represent a list of cipher suites containing a certain
       algorithm, or cipher suites of a certain type. For example SHA1
       represents all cipher suites using the digest algorithm SHA1 and SSLv3
       represents all SSL v3 algorithms.

       Lists of cipher suites can be combined in a single cipher string using
       the + character. This is used as a logical and operation. For example
       SHA1+DES represents all cipher suites containing both the SHA1 and the
       DES algorithms.

       Each cipher string can be optionally preceded by the characters !, - or
       +.

       If ! is used then the ciphers are permanently deleted from the list.
       The ciphers deleted can never reappear in the list even if they are
       explicitly stated.

       If - is used then the ciphers are deleted from the list, but some or
       all of the ciphers can be added again by later options.

       If + is used then the ciphers are moved to the end of the list. This
       option doesn't add any new ciphers; it just moves matching existing
       ones.

       If none of these characters is present then the string is just
       interpreted as a list of ciphers to be appended to the current
       preference list. If the list includes any ciphers already present they
       will be ignored: that is, they will not be moved to the end of the list.

       Additionally the cipher string @STRENGTH can be used at any point to
       sort the current cipher list in order of encryption algorithm key
       length.

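       The rules above, modelled in Python as an added example (this is not
       OpenSSL's code): resolve() applies !, -, +, the + logical-AND operator,
       the DEFAULT/COMPLEMENTOF* aliases and @STRENGTH to a small constructed
       suite table. The tags and key sizes in SUITES are assumed for
       illustration, so the ordering will not match a real build exactly; the
       same function also runs the cipher lists from the EXAMPLES section.

```python
"""Model of the cipher-string algebra documented above (added example, not
OpenSSL's code).  Tags and key sizes in SUITES are constructed for illustration;
the real tool derives them from each suite's definition."""
from collections import OrderedDict
# Constructed table: OpenSSL suite name -> (cipher-string tags it matches, key bits).
SUITES = OrderedDict([
    ("DHE-RSA-AES256-SHA", ({"kEDH", "aRSA", "DH", "AES", "SHA1", "HIGH"}, 256)),
    ("DHE-RSA-AES128-SHA", ({"kEDH", "aRSA", "DH", "AES", "SHA1", "HIGH"}, 128)),
    ("AES256-SHA",         ({"kRSA", "RSA", "aRSA", "AES", "SHA1", "HIGH"}, 256)),
    ("AES128-SHA",         ({"kRSA", "RSA", "aRSA", "AES", "SHA1", "HIGH"}, 128)),
    ("DES-CBC3-SHA",       ({"kRSA", "RSA", "aRSA", "3DES", "SHA1", "HIGH"}, 168)),
    ("RC4-SHA",            ({"kRSA", "RSA", "aRSA", "RC4", "SHA1", "MEDIUM"}, 128)),
    ("RC4-MD5",            ({"kRSA", "RSA", "aRSA", "RC4", "MD5", "MEDIUM"}, 128)),
    ("ADH-AES128-SHA",     ({"kEDH", "aNULL", "ADH", "DH", "AES", "SHA1", "HIGH"}, 128)),
    ("NULL-SHA",           ({"kRSA", "RSA", "aRSA", "eNULL", "NULL", "SHA1"}, 0)),
])
# Single-term aliases from CIPHER STRINGS; DEFAULT is expanded to ALL:!aNULL:!eNULL.
ALIAS = {"COMPLEMENTOFDEFAULT": "ADH", "COMPLEMENTOFALL": "eNULL"}

def matches(term, name, tags):
    """A term matches by exact suite name or by tag; ALL means every non-eNULL suite."""
    term = ALIAS.get(term, term)
    if term == "ALL":
        return "eNULL" not in tags
    return term == name or term in tags

def resolve(cipherlist):
    """Turn a cipher list string into the ordered preference list it denotes."""
    tokens = []
    for tok in cipherlist.replace(",", ":").replace(" ", ":").split(":"):
        tokens += ["ALL", "!aNULL", "!eNULL"] if tok == "DEFAULT" else [tok] if tok else []
    chosen, killed = [], set()  # killed: removed with '!' and never re-added
    for tok in tokens:
        if tok == "@STRENGTH":  # sort by key length, stable so ties keep order
            chosen.sort(key=lambda n: -SUITES[n][1])
            continue
        op, body = (tok[0], tok[1:]) if tok[0] in "!-+" else ("", tok)
        terms = body.split("+")  # 'SHA1+DES' is a logical AND of its terms
        hit = [n for n, (tags, _) in SUITES.items()
               if all(matches(t, n, tags) for t in terms)]
        if op == "!":
            killed.update(hit)
            chosen = [n for n in chosen if n not in hit]
        elif op == "-":  # deleted now, but a later string may add them back
            chosen = [n for n in chosen if n not in hit]
        elif op == "+":  # move matching suites already present to the end
            chosen = [n for n in chosen if n not in hit] + [n for n in chosen if n in hit]
        else:  # append; suites already present stay where they are
            chosen += [n for n in hit if n not in chosen and n not in killed]
    return chosen

if __name__ == "__main__":
    for spec in ("DEFAULT", "ALL:!ADH:@STRENGTH", "!aNULL:ALL", "-aNULL:ALL", "3DES:+RSA"):
        print(f"{spec:20} -> {' '.join(resolve(spec))}")
```

       Compare '!aNULL:ALL' with '-aNULL:ALL' in the output: the first keeps
       the anonymous suite out for good, the second lets ALL add it back.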

CIPHER STRINGS

       The following is a list of all permitted cipher strings and their
       meanings.

       DEFAULT
           the default cipher list. This is determined at compile time and, as
           of OpenSSL 1.0.0, is normally ALL:!aNULL:!eNULL. This must be the
           first cipher string specified.

       COMPLEMENTOFDEFAULT
           the ciphers included in ALL, but not enabled by default. Currently
           this is ADH. Note that this rule does not cover eNULL, which is not
           included by ALL (use COMPLEMENTOFALL if necessary).

       ALL all cipher suites except the eNULL ciphers which must be explicitly
           enabled; as of OpenSSL 1.0.0, the ALL cipher suites are reasonably
           ordered by default.

       COMPLEMENTOFALL
           the cipher suites not enabled by ALL, currently being eNULL.

       HIGH
           "high" encryption cipher suites. This currently means those with
           key lengths larger than 128 bits, and some cipher suites with
           128-bit keys.

       MEDIUM
           "medium" encryption cipher suites, currently some of those using
           128 bit encryption.

       LOW "low" encryption cipher suites, currently those using 64 or 56 bit
           encryption algorithms but excluding export cipher suites.

       EXP, EXPORT
           export encryption algorithms, including 40 and 56 bit algorithms.

       EXPORT40
           40 bit export encryption algorithms.

       EXPORT56
           56 bit export encryption algorithms. In OpenSSL 0.9.8c and later
           the set of 56 bit export ciphers is empty unless OpenSSL has been
           explicitly configured with support for experimental ciphers.

       eNULL, NULL
           the "NULL" ciphers, that is those offering no encryption. Because
           these offer no encryption at all and are a security risk they are
           disabled unless explicitly included.

       aNULL
           the cipher suites offering no authentication. This is currently the
           anonymous DH algorithms. These cipher suites are vulnerable to a
           "man in the middle" attack and so their use is normally
           discouraged.

       kRSA, RSA
           cipher suites using RSA key exchange.

       kEDH
           cipher suites using ephemeral DH key agreement.

       kDHr, kDHd
           cipher suites using DH key agreement and DH certificates signed by
           CAs with RSA and DSS keys respectively. Not implemented.

       aRSA
           cipher suites using RSA authentication, i.e. the certificates carry
           RSA keys.

       aDSS, DSS
           cipher suites using DSS authentication, i.e. the certificates carry
           DSS keys.

       aDH cipher suites effectively using DH authentication, i.e. the
           certificates carry DH keys.  Not implemented.

       kFZA, aFZA, eFZA, FZA
           cipher suites using FORTEZZA key exchange, authentication,
           encryption or all FORTEZZA algorithms. Not implemented.

       TLSv1, SSLv3, SSLv2
           TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.

       DH  cipher suites using DH, including anonymous DH.

       ADH anonymous DH cipher suites.

       AES cipher suites using AES.

       CAMELLIA
           cipher suites using Camellia.

       3DES
           cipher suites using triple DES.

       DES cipher suites using DES (not triple DES).

       RC4 cipher suites using RC4.

       RC2 cipher suites using RC2.

       IDEA
           cipher suites using IDEA.

       SEED
           cipher suites using SEED.

       MD5 cipher suites using MD5.

       SHA1, SHA
           cipher suites using SHA1.

       aGOST
           cipher suites using GOST R 34.10 (either 2001 or 94) for
           authentication (needs an engine supporting GOST algorithms).

       aGOST01
           cipher suites using GOST R 34.10-2001 authentication.

       aGOST94
           cipher suites using GOST R 34.10-94 authentication (note that the
           R 34.10-94 standard has expired, so use GOST R 34.10-2001).

       kGOST
           cipher suites using VKO 34.10 key exchange, specified in RFC 4357.

       GOST94
           cipher suites using HMAC based on GOST R 34.11-94.

       GOST89MAC
           cipher suites using GOST 28147-89 MAC instead of HMAC.


CIPHER SUITE NAMES

       The following lists give the SSL or TLS cipher suite names from the
       relevant specification and their OpenSSL equivalents. It should be
       noted that several cipher suite names do not include the
       authentication used, e.g. DES-CBC3-SHA. In these cases, RSA
       authentication is used.

   SSL v3.0 cipher suites.
        SSL_RSA_WITH_NULL_MD5                   NULL-MD5
        SSL_RSA_WITH_NULL_SHA                   NULL-SHA
        SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
        SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
        SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
        SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
        SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

        SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
        SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
        SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
        SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-DES-CBC-SHA
        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA

        SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
        SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
        SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

        SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
        SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
        SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.

   TLS v1.0 cipher suites.
        TLS_RSA_WITH_NULL_MD5                   NULL-MD5
        TLS_RSA_WITH_NULL_SHA                   NULL-SHA
        TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
        TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
        TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
        TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
        TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

        TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
        TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
        TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
        TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-DES-CBC-SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
        TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA

        TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
        TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
        TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
        TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

   AES ciphersuites from RFC3268, extending TLS v1.0
        TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
        TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA

        TLS_DH_DSS_WITH_AES_128_CBC_SHA         Not implemented.
        TLS_DH_DSS_WITH_AES_256_CBC_SHA         Not implemented.
        TLS_DH_RSA_WITH_AES_128_CBC_SHA         Not implemented.
        TLS_DH_RSA_WITH_AES_256_CBC_SHA         Not implemented.

        TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA

        TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
        TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA

   Camellia ciphersuites from RFC4132, extending TLS v1.0
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA

        TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
        TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
        TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
        TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   Not implemented.

        TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
        TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA

        TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
        TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA

   SEED ciphersuites from RFC4162, extending TLS v1.0
        TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA

        TLS_DH_DSS_WITH_SEED_CBC_SHA           Not implemented.
        TLS_DH_RSA_WITH_SEED_CBC_SHA           Not implemented.

        TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
        TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA

        TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA

   GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
       Note: these ciphers require an engine which includes the GOST
       cryptographic algorithms, such as the ccgost engine included in the
       OpenSSL distribution.

        TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
        TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
        TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
        TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94

   Additional Export 1024 and other cipher suites
       Note: these ciphers can also be used in SSL v3.

        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
        TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
        TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
        TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA

   SSL v2.0 cipher suites.
        SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
        SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
        SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
        SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
        SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
        SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
        SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5


NOTES

       The non-ephemeral DH modes are currently unimplemented in OpenSSL
       because there is no support for DH certificates.

       Some compiled versions of OpenSSL may not include all the ciphers
       listed here because some ciphers were excluded at compile time.


EXAMPLES

       Verbose listing of all OpenSSL ciphers including NULL ciphers:

        openssl ciphers -v 'ALL:eNULL'

       Include all ciphers except NULL and anonymous DH then sort by strength:

        openssl ciphers -v 'ALL:!ADH:@STRENGTH'

       Include only 3DES ciphers and then place RSA ciphers last:

        openssl ciphers -v '3DES:+RSA'

       Include all RC4 ciphers but leave out those without authentication:

        openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'

       Include all ciphers with RSA authentication but leave out ciphers
       without encryption:

        openssl ciphers -v 'RSA:!COMPLEMENTOFALL'


SEE ALSO

       s_client(1), s_server(1), ssl(3)


HISTORY

       The COMPLEMENTOFALL and COMPLEMENTOFDEFAULT selection options for
       cipherlist strings were added in OpenSSL 0.9.7.  The -V option for the
       ciphers command was added in OpenSSL 1.0.0.



1.0.0e                            2009-09-30                        CIPHERS(1)