CIPHERS(1)                          OpenSSL                          CIPHERS(1)

NAME
       ciphers - SSL cipher display and cipher list tool.

SYNOPSIS
       openssl ciphers [-v] [-ssl2] [-ssl3] [-tls1] [cipherlist]

DESCRIPTION
       The ciphers command converts OpenSSL cipher lists into ordered SSL
       cipher preference lists. It can be used as a test tool to determine the
       appropriate cipherlist.

OPTIONS
       -v     verbose option. List ciphers with a complete description of
              protocol version (SSLv2 or SSLv3; the latter includes TLS), key
              exchange, authentication, encryption and mac algorithms used
              along with any key size restrictions and whether the algorithm
              is classed as an "export" cipher. Note that without the -v
              option, ciphers may seem to appear twice in a cipher list; this
              is when similar ciphers are available for SSL v2 and for SSL
              v3/TLS v1.

       -ssl3  only include SSL v3 ciphers.

       -ssl2  only include SSL v2 ciphers.

       -tls1  only include TLS v1 ciphers.

       -h, -?
              print a brief usage message.

       cipherlist
              a cipher list to convert to a cipher preference list. If it is
              not included then the default cipher list will be used. The
              format is described below.

CIPHER LIST FORMAT
       The cipher list consists of one or more cipher strings separated by
       colons. Commas or spaces are also acceptable separators but colons are
       normally used.

       The actual cipher string can take several different forms.

       It can consist of a single cipher suite such as RC4-SHA.

       It can represent a list of cipher suites containing a certain
       algorithm, or cipher suites of a certain type. For example SHA1
       represents all cipher suites using the digest algorithm SHA1 and SSLv3
       represents all SSL v3 algorithms.

       Lists of cipher suites can be combined in a single cipher string using
       the + character. This is used as a logical AND operation. For example
       SHA1+DES represents all cipher suites containing both the SHA1 and the
       DES algorithms.

       Each cipher string can be optionally preceded by the characters !, -
       or +.

       If ! is used then the ciphers are permanently deleted from the list.
       The ciphers deleted can never reappear in the list even if they are
       explicitly stated.

       If - is used then the ciphers are deleted from the list, but some or
       all of the ciphers can be added again by later options.

       If + is used then the ciphers are moved to the end of the list. This
       option doesn't add any new ciphers; it just moves matching existing
       ones.

       If none of these characters is present then the string is just
       interpreted as a list of ciphers to be appended to the current
       preference list. If the list includes any ciphers already present they
       will be ignored: that is, they will not be moved to the end of the
       list.

       Additionally the cipher string @STRENGTH can be used at any point to
       sort the current cipher list in order of encryption algorithm key
       length.

CIPHER STRINGS
       The following is a list of all permitted cipher strings and their
       meanings.

       DEFAULT
              the default cipher list. This is determined at compile time and
              is normally ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH. This must be the
              first cipher string specified.

       COMPLEMENTOFDEFAULT
              the ciphers included in ALL, but not enabled by default.
              Currently this is ADH. Note that this rule does not cover eNULL,
              which is not included by ALL (use COMPLEMENTOFALL if necessary).

       ALL    all cipher suites except the eNULL ciphers, which must be
              explicitly enabled.

       COMPLEMENTOFALL
              the cipher suites not enabled by ALL, currently being eNULL.

       HIGH   "high" encryption cipher suites. This currently means those with
              key lengths larger than 128 bits.

       MEDIUM "medium" encryption cipher suites, currently those using 128 bit
              encryption.

       LOW    "low" encryption cipher suites, currently those using 64 or 56
              bit encryption algorithms but excluding export cipher suites.

       EXP, EXPORT
              export encryption algorithms, including 40 and 56 bit
              algorithms.

       EXPORT40
              40 bit export encryption algorithms.

       EXPORT56
              56 bit export encryption algorithms.

       eNULL, NULL
              the "NULL" ciphers, that is, those offering no encryption.
              Because these offer no encryption at all and are a security risk
              they are disabled unless explicitly included.

       aNULL  the cipher suites offering no authentication. This is currently
              the anonymous DH algorithms. These cipher suites are vulnerable
              to a "man in the middle" attack and so their use is normally
              discouraged.

       kRSA, RSA
              cipher suites using RSA key exchange.

       kEDH   cipher suites using ephemeral DH key agreement.

       kDHr, kDHd
              cipher suites using DH key agreement and DH certificates signed
              by CAs with RSA and DSS keys respectively. Not implemented.

       aRSA   cipher suites using RSA authentication, i.e. the certificates
              carry RSA keys.

       aDSS, DSS
              cipher suites using DSS authentication, i.e. the certificates
              carry DSS keys.

       aDH    cipher suites effectively using DH authentication, i.e. the
              certificates carry DH keys. Not implemented.

       kFZA, aFZA, eFZA, FZA
              cipher suites using FORTEZZA key exchange, authentication,
              encryption or all FORTEZZA algorithms. Not implemented.

       TLSv1, SSLv3, SSLv2
              TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.

       DH     cipher suites using DH, including anonymous DH.

       ADH    anonymous DH cipher suites.

       AES    cipher suites using AES.

       3DES   cipher suites using triple DES.

       DES    cipher suites using DES (not triple DES).

       RC4    cipher suites using RC4.

       RC2    cipher suites using RC2.

       IDEA   cipher suites using IDEA.

       MD5    cipher suites using MD5.

       SHA1, SHA
              cipher suites using SHA1.
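
       The cipher list rules above (separators, + as a logical AND, the !, -
       and + prefixes, and @STRENGTH) together with a handful of the keywords
       from the CIPHER STRINGS table, modelled in Python as an added example.
       This is not OpenSSL's code: the suite table, its attribute values and
       the alias predicates are a constructed subset of the names on this
       page, and DEFAULT and SSL v2 are not modelled.

```python
import re
from collections import namedtuple
# name, protocol, key exchange, authentication, encryption, mac, key bits, export
Suite = namedtuple("Suite", "name ver kx au enc mac bits export", defaults=[False])

# Constructed master list (a subset of the suite names on this page); OpenSSL's
# real list is fixed at compile time and sets the order in which matches append.
MASTER = [
    Suite("NULL-MD5", "SSLv3", "RSA", "RSA", "NULL", "MD5", 0),
    Suite("EXP-RC4-MD5", "SSLv3", "RSA", "RSA", "RC4", "MD5", 40, True),
    Suite("RC4-SHA", "SSLv3", "RSA", "RSA", "RC4", "SHA1", 128),
    Suite("DES-CBC3-SHA", "SSLv3", "RSA", "RSA", "3DES", "SHA1", 168),
    Suite("AES256-SHA", "TLSv1", "RSA", "RSA", "AES", "SHA1", 256),
    Suite("EDH-RSA-DES-CBC3-SHA", "SSLv3", "EDH", "RSA", "3DES", "SHA1", 168),
    Suite("ADH-AES128-SHA", "TLSv1", "EDH", "None", "AES", "SHA1", 128),
]
# Keywords from the CIPHER STRINGS table as predicates ("None" au = anonymous).
ALIASES = {
    "ALL": lambda s: s.enc != "NULL", "COMPLEMENTOFALL": lambda s: s.enc == "NULL",
    "eNULL": lambda s: s.enc == "NULL", "aNULL": lambda s: s.au == "None",
    "ADH": lambda s: s.kx == "EDH" and s.au == "None", "HIGH": lambda s: s.bits > 128,
    "RSA": lambda s: s.kx == "RSA", "aRSA": lambda s: s.au == "RSA",
    "3DES": lambda s: s.enc == "3DES", "AES": lambda s: s.enc == "AES",
    "RC4": lambda s: s.enc == "RC4", "EXPORT": lambda s: s.export,
    "SHA1": lambda s: s.mac == "SHA1", "MD5": lambda s: s.mac == "MD5",
    "SSLv3": lambda s: s.ver == "SSLv3", "TLSv1": lambda s: s.ver == "TLSv1",
}

def matches(word, suite):
    """A word such as SHA1+RSA is the logical AND of its parts."""
    return all(ALIASES[part](suite) for part in word.split("+"))

def cipher_list(spec, master=MASTER):
    """Convert a cipher list into an ordered preference list of suite names."""
    current, killed = [], set()
    for word in filter(None, re.split(r"[:, ]+", spec)):
        if word == "@STRENGTH":            # sort by key length; sort() is stable
            current.sort(key=lambda s: -s.bits)
            continue
        prefix, body = (word[0], word[1:]) if word[0] in "!-+" else ("", word)
        hits = [s for s in master if matches(body, s)]
        if prefix == "!":                  # deleted for good: later words cannot re-add
            killed.update(s.name for s in hits)
        if prefix in ("!", "-"):
            current = [s for s in current if s not in hits]
        elif prefix == "+":                # move matches already present to the end
            current = [s for s in current if s not in hits] + [s for s in current if s in hits]
        else:                              # append new matches; ones already present stay put
            current += [s for s in hits if s not in current and s.name not in killed]
    return [s.name for s in current]
```

       With this toy table, cipher_list("3DES:+RSA") reproduces the
       EXAMPLES entry that places RSA ciphers last, and
       cipher_list("ALL:eNULL:!eNULL:eNULL") shows that a ! deletion cannot
       be undone by a later keyword.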

CIPHER SUITE NAMES
       The following lists give the SSL or TLS cipher suite names from the
       relevant specification and their OpenSSL equivalents. It should be
       noted that several cipher suite names do not include the
       authentication used, e.g. DES-CBC3-SHA. In these cases, RSA
       authentication is used.

       SSL v3.0 cipher suites.

        SSL_RSA_WITH_NULL_MD5                   NULL-MD5
        SSL_RSA_WITH_NULL_SHA                   NULL-SHA
        SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
        SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
        SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
        SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
        SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

        SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
        SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
        SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
        SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-DES-CBC-SHA
        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA

        SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
        SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
        SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

        SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
        SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
        SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.

       TLS v1.0 cipher suites.

        TLS_RSA_WITH_NULL_MD5                   NULL-MD5
        TLS_RSA_WITH_NULL_SHA                   NULL-SHA
        TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
        TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
        TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
        TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
        TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

        TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
        TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
        TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
        TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-DES-CBC-SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
        TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA

        TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
        TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
        TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
        TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

       AES ciphersuites from RFC3268, extending TLS v1.0

        TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
        TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA

        TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
        TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
        TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
        TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA

        TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA

        TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
        TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA

       Additional Export 1024 and other cipher suites

       Note: these ciphers can also be used in SSL v3.

        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
        TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
        TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
        TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA

       SSL v2.0 cipher suites.

        SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
        SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
        SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
        SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
        SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
        SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
        SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5

NOTES
       The non-ephemeral DH modes are currently unimplemented in OpenSSL
       because there is no support for DH certificates.

       Some compiled versions of OpenSSL may not include all the ciphers
       listed here because some ciphers were excluded at compile time.

EXAMPLES
       Verbose listing of all OpenSSL ciphers including NULL ciphers:

        openssl ciphers -v 'ALL:eNULL'

       Include all ciphers except NULL and anonymous DH then sort by strength:

        openssl ciphers -v 'ALL:!ADH:@STRENGTH'

       Include only 3DES ciphers and then place RSA ciphers last:

        openssl ciphers -v '3DES:+RSA'

       Include all RC4 ciphers but leave out those without authentication:

        openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'

       Include all ciphers with RSA authentication but leave out ciphers
       without encryption:

        openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
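
       An added example, not part of this page or of OpenSSL, that reads the
       verbose listing produced by the -v option (protocol, key exchange,
       authentication, encryption, mac and export flag, as described under
       OPTIONS) and flags the suites this page says are disabled or
       discouraged: eNULL, aNULL and export-grade ciphers. The sample output
       is constructed, and the line layout (Kx=, Au=, Enc=, Mac= fields with
       an optional trailing "export") is assumed to match the tool's -v
       output.

```python
import re

# Constructed sample in the layout of `openssl ciphers -v` output (assumed:
# name, protocol, Kx=, Au=, Enc=, Mac=, optional trailing "export").
SAMPLE_VERBOSE = """\
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)(\s+export)?\s*$")

def parse_verbose(text):
    """Yield one dict per well-formed -v line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            name, ver, kx, au, enc, mac, exp = m.groups()
            yield {"name": name, "ver": ver, "kx": kx, "au": au,
                   "enc": enc, "mac": mac, "export": exp is not None}

def key_bits(enc):
    """Key length from a field such as AES(256); 0 when none is given."""
    m = re.search(r"\((\d+)\)", enc)
    return int(m.group(1)) if m else 0

def audit(text, min_bits=128):
    """Map suite name -> reasons it should be excluded from a cipher list."""
    findings = {}
    for s in parse_verbose(text):
        reasons = []
        if s["enc"] == "None":                     # eNULL: no encryption
            reasons.append("no encryption (eNULL)")
        elif key_bits(s["enc"]) < min_bits:
            reasons.append("key shorter than %d bits" % min_bits)
        if s["au"] == "None":                      # aNULL: no authentication
            reasons.append("no authentication (aNULL)")
        if s["export"]:
            reasons.append("export grade")
        if reasons:
            findings[s["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, why in audit(SAMPLE_VERBOSE).items():
        print("%-24s %s" % (name, "; ".join(why)))
```

       Feeding the real listing in (for instance the output of
       openssl ciphers -v 'ALL:eNULL') shows which suites a cipher list
       such as 'ALL:!eNULL:!aNULL:!EXPORT:@STRENGTH' would exclude.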

SEE ALSO
       s_client(1), s_server(1), ssl(3)

HISTORY
       The COMPLEMENTOFALL and COMPLEMENTOFDEFAULT selection options were
       added in version 0.9.7.



0.9.8b                            2002-12-29                        CIPHERS(1)