CIPHERS(1)                          OpenSSL                         CIPHERS(1)


NAME

       ciphers - SSL cipher display and cipher list tool.


SYNOPSIS

       openssl ciphers [-v] [-ssl2] [-ssl3] [-tls1] [cipherlist]


DESCRIPTION

       The ciphers command converts OpenSSL cipher lists into ordered SSL
       cipher preference lists. It can be used as a test tool to determine the
       appropriate cipherlist.


COMMAND OPTIONS

       -v  verbose option. List ciphers with a complete description of proto‐
           col version (SSLv2 or SSLv3; the latter includes TLS), key
           exchange, authentication, encryption and mac algorithms used along
           with any key size restrictions and whether the algorithm is classed
           as an "export" cipher.  Note that without the -v option, ciphers
           may seem to appear twice in a cipher list; this is when similar
           ciphers are available for SSL v2 and for SSL v3/TLS v1.

       -ssl3
           only include SSL v3 ciphers.

       -ssl2
           only include SSL v2 ciphers.

       -tls1
           only include TLS v1 ciphers.

       -h, -?
           print a brief usage message.

       cipherlist
           a cipher list to convert to a cipher preference list. If it is not
           included then the default cipher list will be used. The format is
           described below.


CIPHER LIST FORMAT

       The cipher list consists of one or more cipher strings separated by
       colons.  Commas or spaces are also acceptable separators but colons are
       normally used.

       The actual cipher string can take several different forms.

       It can consist of a single cipher suite such as RC4-SHA.

       It can represent a list of cipher suites containing a certain algo‐
       rithm, or cipher suites of a certain type. For example SHA1 represents
       all cipher suites using the digest algorithm SHA1 and SSLv3 represents
       all SSL v3 algorithms.

       Lists of cipher suites can be combined in a single cipher string using
       the + character. This is used as a logical AND operation. For example
       SHA1+DES represents all cipher suites containing both the SHA1 and the
       DES algorithms.

       Each cipher string can be optionally preceded by the characters !, - or
       +.

       If ! is used then the ciphers are permanently deleted from the list.
       The ciphers deleted can never reappear in the list even if they are
       explicitly stated.

       If - is used then the ciphers are deleted from the list, but some or
       all of the ciphers can be added again by later options.

       If + is used then the ciphers are moved to the end of the list. This
       option doesn't add any new ciphers; it just moves matching existing
       ones.

       If none of these characters is present then the string is just inter‐
       preted as a list of ciphers to be appended to the current preference
       list. If the list includes any ciphers already present they will be
       ignored: that is, they will not be moved to the end of the list.

       Additionally the cipher string @STRENGTH can be used at any point to
       sort the current cipher list in order of encryption algorithm key
       length.


CIPHER STRINGS

       The following is a list of all permitted cipher strings and their mean‐
       ings.

       DEFAULT
           the default cipher list. This is determined at compile time and is
           normally ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH. This must be the first
           cipher string specified.

       COMPLEMENTOFDEFAULT
           the ciphers included in ALL, but not enabled by default. Currently
           this is ADH. Note that this rule does not cover eNULL, which is not
           included by ALL (use COMPLEMENTOFALL if necessary).

       ALL all cipher suites except the eNULL ciphers which must be explic‐
           itly enabled.

       COMPLEMENTOFALL
           the cipher suites not enabled by ALL, currently being eNULL.

       HIGH
           "high" encryption cipher suites. This currently means those with
           key lengths larger than 128 bits.

       MEDIUM
           "medium" encryption cipher suites, currently those using 128 bit
           encryption.

       LOW "low" encryption cipher suites, currently those using 64 or 56 bit
           encryption algorithms but excluding export cipher suites.

       EXP, EXPORT
           export encryption algorithms, including 40 and 56 bit algorithms.

       EXPORT40
           40 bit export encryption algorithms.

       EXPORT56
           56 bit export encryption algorithms.

       eNULL, NULL
           the "NULL" ciphers, that is, those offering no encryption. Because
           these offer no encryption at all and are a security risk they are
           disabled unless explicitly included.

       aNULL
           the cipher suites offering no authentication. This is currently the
           anonymous DH algorithms. These cipher suites are vulnerable to a
           "man in the middle" attack and so their use is normally discour‐
           aged.

       kRSA, RSA
           cipher suites using RSA key exchange.

       kEDH
           cipher suites using ephemeral DH key agreement.

       kDHr, kDHd
           cipher suites using DH key agreement and DH certificates signed by
           CAs with RSA and DSS keys respectively. Not implemented.

       aRSA
           cipher suites using RSA authentication, i.e. the certificates carry
           RSA keys.

       aDSS, DSS
           cipher suites using DSS authentication, i.e. the certificates carry
           DSS keys.

       aDH cipher suites effectively using DH authentication, i.e. the cer‐
           tificates carry DH keys.  Not implemented.

       kFZA, aFZA, eFZA, FZA
           cipher suites using FORTEZZA key exchange, authentication, encryp‐
           tion or all FORTEZZA algorithms. Not implemented.

       TLSv1, SSLv3, SSLv2
           TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.

       DH  cipher suites using DH, including anonymous DH.

       ADH anonymous DH cipher suites.

       AES cipher suites using AES.

       3DES
           cipher suites using triple DES.

       DES cipher suites using DES (not triple DES).

       RC4 cipher suites using RC4.

       RC2 cipher suites using RC2.

       IDEA
           cipher suites using IDEA.

       MD5 cipher suites using MD5.

       SHA1, SHA
           cipher suites using SHA1.


CIPHER SUITE NAMES

       The following lists give the SSL or TLS cipher suite names from the
       relevant specification and their OpenSSL equivalents. It should be
       noted that several cipher suite names do not include the authentica‐
       tion used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is
       used.

       SSL v3.0 cipher suites.

        SSL_RSA_WITH_NULL_MD5                   NULL-MD5
        SSL_RSA_WITH_NULL_SHA                   NULL-SHA
        SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
        SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
        SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
        SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
        SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

        SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
        SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
        SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
        SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
        SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-DES-CBC-SHA
        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
        SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA

        SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
        SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
        SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
        SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
        SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

        SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
        SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
        SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.

       TLS v1.0 cipher suites.

        TLS_RSA_WITH_NULL_MD5                   NULL-MD5
        TLS_RSA_WITH_NULL_SHA                   NULL-SHA
        TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
        TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
        TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
        TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
        TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

        TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
        TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
        TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
        TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
        TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-DES-CBC-SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
        TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA

        TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
        TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
        TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
        TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

       AES cipher suites from RFC3268, extending TLS v1.0

        TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
        TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA

        TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
        TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
        TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
        TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA

        TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA

        TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
        TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA

       Additional Export 1024 and other cipher suites

       Note: these ciphers can also be used in SSL v3.

        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
        TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
        TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
        TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA

       SSL v2.0 cipher suites.

        SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
        SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
        SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
        SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
        SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
        SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
        SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5


NOTES

       The non-ephemeral DH modes are currently unimplemented in OpenSSL
       because there is no support for DH certificates.

       Some compiled versions of OpenSSL may not include all the ciphers
       listed here because some ciphers were excluded at compile time.


EXAMPLES

       Verbose listing of all OpenSSL ciphers including NULL ciphers:

        openssl ciphers -v 'ALL:eNULL'

       Include all ciphers except NULL and anonymous DH then sort by strength:

        openssl ciphers -v 'ALL:!ADH:@STRENGTH'

       Include only 3DES ciphers and then place RSA ciphers last:

        openssl ciphers -v '3DES:+RSA'

       Include all RC4 ciphers but leave out those without authentication:

        openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'

       Include all ciphers with RSA authentication but leave out ciphers
       without encryption:

        openssl ciphers -v 'RSA:!COMPLEMENTOFALL'

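       The following Python model is added here and is not part of OpenSSL or
       of this manual page. It implements the rules given under CIPHER LIST
       FORMAT (append, !, -, +, A+B as logical AND, @STRENGTH) over a small
       constructed table of suites and reproduces the effect of the cipher
       lists in the examples above. The suite attributes and key sizes are
       illustrative; DEFAULT and the -ssl2/-ssl3/-tls1 filters are not
       modelled.

```python
# Added example, not OpenSSL's own code: a model of how a cipher list such as
# 'ALL:!ADH:RC4+RSA:@STRENGTH' becomes an ordered preference list.
# Constructed sample table: OpenSSL name -> (attribute tags from ciphers(1), key bits).
SUITES = {
    "NULL-MD5":             ({"SSLv3", "kRSA", "aRSA", "eNULL", "MD5"}, 0),
    "EXP-RC4-MD5":          ({"SSLv3", "kRSA", "aRSA", "RC4", "MD5", "EXPORT", "EXPORT40"}, 40),
    "DES-CBC-SHA":          ({"SSLv3", "kRSA", "aRSA", "DES", "SHA1"}, 56),
    "RC4-SHA":              ({"SSLv3", "kRSA", "aRSA", "RC4", "SHA1"}, 128),
    "DES-CBC3-SHA":         ({"SSLv3", "kRSA", "aRSA", "3DES", "SHA1"}, 168),
    "AES256-SHA":           ({"TLSv1", "kRSA", "aRSA", "AES", "SHA1"}, 256),
    "EDH-RSA-DES-CBC3-SHA": ({"SSLv3", "kEDH", "DH", "aRSA", "3DES", "SHA1"}, 168),
    "ADH-DES-CBC3-SHA":     ({"SSLv3", "kEDH", "DH", "aNULL", "ADH", "3DES", "SHA1"}, 168),
    "ADH-RC4-MD5":          ({"SSLv3", "kEDH", "DH", "aNULL", "ADH", "RC4", "MD5"}, 128),
}
# Alternative spellings listed under CIPHER STRINGS.
ALIASES = {"RSA": "kRSA", "SHA": "SHA1", "NULL": "eNULL", "EXP": "EXPORT", "DSS": "aDSS"}

def matches(name, word):
    """True if suite `name` is selected by the single cipher string `word`."""
    tags, bits = SUITES[name]
    word = ALIASES.get(word, word)
    if word == "ALL":                 return "eNULL" not in tags  # eNULL must be explicit
    if word == "COMPLEMENTOFALL":     return "eNULL" in tags
    if word == "COMPLEMENTOFDEFAULT": return "ADH" in tags
    if word == "HIGH":                return bits > 128
    if word == "MEDIUM":              return bits == 128
    if word == "LOW":                 return bits in (56, 64) and "EXPORT" not in tags
    return word == name or word in tags

def expand(cipherlist):
    """Turn a cipher list into an ordered preference list of suite names."""
    order, killed = [], set()          # `killed`: suites removed with '!' never return
    for item in cipherlist.replace(",", ":").replace(" ", ":").split(":"):
        if not item: continue
        if item == "@STRENGTH":        # stable sort: equal key sizes keep their order
            order.sort(key=lambda n: SUITES[n][1], reverse=True)
            continue
        op, word = (item[0], item[1:]) if item[0] in "!-+" else ("", item)
        # 'A+B' inside one string is a logical AND of the selectors
        hits = [n for n in SUITES if all(matches(n, w) for w in word.split("+"))]
        if op == "!":
            killed.update(hits)
            order = [n for n in order if n not in hits]
        elif op == "-":
            order = [n for n in order if n not in hits]
        elif op == "+":                # move matching suites to the end, add none
            order = [n for n in order if n not in hits] + [n for n in order if n in hits]
        else:                          # append new suites; existing ones stay put
            order += [n for n in hits if n not in order and n not in killed]
    return order
```

       For instance, expand('3DES:+RSA') yields the three 3DES suites with
       DES-CBC3-SHA moved last, and expand('ALL:!ADH:ADH') never re-admits the
       anonymous DH suites, whereas expand('ALL:-ADH:ADH') appends them again.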

SEE ALSO

       s_client(1), s_server(1), ssl(3)


HISTORY

       The COMPLEMENTOFALL and COMPLEMENTOFDEFAULT selection options were added
       in version 0.9.7.



0.9.8b                            2002-12-29                        CIPHERS(1)