Add PSK ciphersuites to docs
[openssl.git] / doc / apps / ciphers.pod
1 =pod
2
3 =head1 NAME
4
5 ciphers - SSL cipher display and cipher list tool.
6
7 =head1 SYNOPSIS
8
9 B<openssl> B<ciphers>
10 [B<-s>]
11 [B<-v>]
12 [B<-V>]
13 [B<-ssl3>]
14 [B<-tls1>]
15 [B<-stdname>]
16 [B<cipherlist>]
17
18 =head1 DESCRIPTION
19
20 The B<ciphers> command converts textual OpenSSL cipher lists into ordered
21 SSL cipher preference lists. It can be used as a test tool to determine
22 the appropriate cipherlist.
23
24 =head1 COMMAND OPTIONS
25
26 =over 4
27
28 =item B<-s>
29
30 Only list supported ciphers: those consistent with the security level. This
31 is the actual cipher list an application will support. If this option is
32 not used then ciphers excluded by the security level will still be listed.
33
34 =item B<-v>
35
36 Verbose option. List ciphers with a complete description of
37 protocol version, key exchange,
38 authentication, encryption and mac algorithms used along with any key size
39 restrictions and whether the algorithm is classed as an "export" cipher.
40
41 =item B<-V>
42
43 Like B<-v>, but include cipher suite codes in output (hex format).
44
45 =item B<-ssl3>
46
47 only include SSL v3 ciphers.
48
49 =item B<-tls1>
50
51 only include TLS v1 ciphers.
52
53 =item B<-stdname>
54
55 precede each ciphersuite by its standard name: only available is OpenSSL
56 is built with tracing enabled (B<enable-ssl-trace> argument to Configure).
57
58 =item B<-h>, B<-?>
59
60 print a brief usage message.
61
62 =item B<cipherlist>
63
64 a cipher list to convert to a cipher preference list. If it is not included
65 then the default cipher list will be used. The format is described below.
66
67 =back
68
69 =head1 CIPHER LIST FORMAT
70
71 The cipher list consists of one or more I<cipher strings> separated by colons.
72 Commas or spaces are also acceptable separators but colons are normally used.
73
74 The actual cipher string can take several different forms.
75
76 It can consist of a single cipher suite such as B<RC4-SHA>.
77
78 It can represent a list of cipher suites containing a certain algorithm, or
79 cipher suites of a certain type. For example B<SHA1> represents all ciphers
80 suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
81 algorithms.
82
83 Lists of cipher suites can be combined in a single cipher string using the
84 B<+> character. This is used as a logical B<and> operation. For example
85 B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
86 algorithms.
87
88 Each cipher string can be optionally preceded by the characters B<!>,
89 B<-> or B<+>.
90
91 If B<!> is used then the ciphers are permanently deleted from the list.
92 The ciphers deleted can never reappear in the list even if they are
93 explicitly stated.
94
95 If B<-> is used then the ciphers are deleted from the list, but some or
96 all of the ciphers can be added again by later options.
97
98 If B<+> is used then the ciphers are moved to the end of the list. This
99 option doesn't add any new ciphers it just moves matching existing ones.
100
101 If none of these characters is present then the string is just interpreted
102 as a list of ciphers to be appended to the current preference list. If the
103 list includes any ciphers already present they will be ignored: that is they
104 will not moved to the end of the list.
105
106 The cipher string B<@STRENGTH> can be used at any point to sort the current
107 cipher list in order of encryption algorithm key length.
108
109 The cipher string B<@SECLEVEL=n> can be used at any point to set the security
110 level to B<n>.
111
112 =head1 CIPHER STRINGS
113
114 The following is a list of all permitted cipher strings and their meanings.
115
116 =over 4
117
118 =item B<DEFAULT>
119
120 the default cipher list. This is determined at compile time and, as of OpenSSL
121 1.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
122 specified.
123
124 =item B<COMPLEMENTOFDEFAULT>
125
126 the ciphers included in B<ALL>, but not enabled by default. Currently
127 this is B<ADH> and B<AECDH>. Note that this rule does not cover B<eNULL>,
128 which is not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
129
130 =item B<ALL>
131
132 all cipher suites except the B<eNULL> ciphers which must be explicitly enabled;
133 as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default
134
135 =item B<COMPLEMENTOFALL>
136
137 the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
138
139 =item B<HIGH>
140
141 "high" encryption cipher suites. This currently means those with key lengths
142 larger than 128 bits, and some cipher suites with 128-bit keys.
143
144 =item B<MEDIUM>
145
146 "medium" encryption cipher suites, currently some of those using 128 bit
147 encryption.
148
149 =item B<LOW>
150
151 "low" encryption cipher suites, currently those using 64 or 56 bit encryption
152 algorithms but excluding export cipher suites.
153
154 =item B<EXP>, B<EXPORT>
155
156 export encryption algorithms. Including 40 and 56 bits algorithms.
157
158 =item B<EXPORT40>
159
160 40 bit export encryption algorithms
161
162 =item B<EXPORT56>
163
164 56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
165 56 bit export ciphers is empty unless OpenSSL has been explicitly configured
166 with support for experimental ciphers.
167
168 =item B<eNULL>, B<NULL>
169
170 the "NULL" ciphers that is those offering no encryption. Because these offer no
171 encryption at all and are a security risk they are disabled unless explicitly
172 included.
173
174 =item B<aNULL>
175
176 the cipher suites offering no authentication. This is currently the anonymous
177 DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
178 to a "man in the middle" attack and so their use is normally discouraged.
179
180 =item B<kRSA>, B<aRSA>, B<RSA>
181
182 cipher suites using RSA key exchange, authentication or either respectively.
183
184 =item B<kDHr>, B<kDHd>, B<kDH>
185
186 cipher suites using DH key agreement and DH certificates signed by CAs with RSA
187 and DSS keys or either respectively.
188
189 =item B<kDHE>, B<kEDH>
190
191 cipher suites using ephemeral DH key agreement, including anonymous cipher
192 suites.
193
194 =item B<DHE>, B<EDH>
195
196 cipher suites using authenticated ephemeral DH key agreement.
197
198 =item B<ADH>
199
200 anonymous DH cipher suites, note that this does not include anonymous Elliptic
201 Curve DH (ECDH) cipher suites.
202
203 =item B<DH>
204
205 cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH.
206
207 =item B<kECDHr>, B<kECDHe>, B<kECDH>
208
209 cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA
210 keys or either respectively.
211
212 =item B<kEECDH>, B<kECDHE>
213
214 cipher suites using ephemeral ECDH key agreement, including anonymous
215 cipher suites.
216
217 =item B<ECDHE>, B<EECDH>
218
219 cipher suites using authenticated ephemeral ECDH key agreement.
220
221 =item B<AECDH>
222
223 anonymous Elliptic Curve Diffie Hellman cipher suites.
224
225 =item B<ECDH>
226
227 cipher suites using ECDH key exchange, including anonymous, ephemeral and
228 fixed ECDH.
229
230 =item B<aDSS>, B<DSS>
231
232 cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
233
234 =item B<aDH>
235
236 cipher suites effectively using DH authentication, i.e. the certificates carry
237 DH keys.
238
239 =item B<aECDH>
240
241 cipher suites effectively using ECDH authentication, i.e. the certificates
242 carry ECDH keys.
243
244 =item B<aECDSA>, B<ECDSA>
245
246 cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
247 keys.
248
249 =item B<TLSv1.2>, B<TLSv1>, B<SSLv3>
250
251 TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note:
252 there are no ciphersuites specific to TLS v1.1.
253
254 =item B<AES128>, B<AES256>, B<AES>
255
256 cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
257
258 =item B<AESGCM>
259
260 AES in Galois Counter Mode (GCM): these ciphersuites are only supported
261 in TLS v1.2.
262
263 =item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
264
265 cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
266 CAMELLIA.
267
268 =item B<3DES>
269
270 cipher suites using triple DES.
271
272 =item B<DES>
273
274 cipher suites using DES (not triple DES).
275
276 =item B<RC4>
277
278 cipher suites using RC4.
279
280 =item B<RC2>
281
282 cipher suites using RC2.
283
284 =item B<IDEA>
285
286 cipher suites using IDEA.
287
288 =item B<SEED>
289
290 cipher suites using SEED.
291
292 =item B<MD5>
293
294 cipher suites using MD5.
295
296 =item B<SHA1>, B<SHA>
297
298 cipher suites using SHA1.
299
300 =item B<SHA256>, B<SHA384>
301
302 ciphersuites using SHA256 or SHA384.
303
304 =item B<aGOST> 
305
306 cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
307 (needs an engine supporting GOST algorithms). 
308
309 =item B<aGOST01>
310
311 cipher suites using GOST R 34.10-2001 authentication.
312
313 =item B<aGOST94>
314
315 cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
316 standard has been expired so use GOST R 34.10-2001)
317
318 =item B<kGOST>
319
320 cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
321
322 =item B<GOST94>
323
324 cipher suites, using HMAC based on GOST R 34.11-94.
325
326 =item B<GOST89MAC>
327
328 cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
329
330 =item B<PSK>
331
332 all cipher suites using pre-shared keys (PSK).
333
334 =item B<kPSK>, B<kECDHEPSK>, B<kDHEPSK>, B<kRSAPSK>
335
336 cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.
337
338 =item B<aPSK>
339
340 cipher suites using PSK authentication (currently all PSK modes apart from
341 RSA_PSK).
342
343 =item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192>
344
345 enables suite B mode operation using 128 (permitting 192 bit mode by peer)
346 128 bit (not permitting 192 bit by peer) or 192 bit level of security
347 respectively. If used these cipherstrings should appear first in the cipher
348 list and anything after them is ignored. Setting Suite B mode has additional
349 consequences required to comply with RFC6460. In particular the supported
350 signature algorithms is reduced to support only ECDSA and SHA256 or SHA384,
351 only the elliptic curves P-256 and P-384 can be used and only the two suite B
352 compliant ciphersuites (ECDHE-ECDSA-AES128-GCM-SHA256 and
353 ECDHE-ECDSA-AES256-GCM-SHA384) are permissible.
354
355 =back
356
357 =head1 CIPHER SUITE NAMES
358
359 The following lists give the SSL or TLS cipher suites names from the
360 relevant specification and their OpenSSL equivalents. It should be noted,
361 that several cipher suite names do not include the authentication used,
362 e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
363
364 =head2 SSL v3.0 cipher suites.
365
366  SSL_RSA_WITH_NULL_MD5                   NULL-MD5
367  SSL_RSA_WITH_NULL_SHA                   NULL-SHA
368  SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
369  SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
370  SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
371  SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
372  SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
373  SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
374  SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
375  SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
376
377  SSL_DH_DSS_WITH_DES_CBC_SHA             DH-DSS-DES-CBC-SHA
378  SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        DH-DSS-DES-CBC3-SHA
379  SSL_DH_RSA_WITH_DES_CBC_SHA             DH-RSA-DES-CBC-SHA
380  SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        DH-RSA-DES-CBC3-SHA
381  SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-DHE-DSS-DES-CBC-SHA
382  SSL_DHE_DSS_WITH_DES_CBC_SHA            DHE-DSS-CBC-SHA
383  SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
384  SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-DHE-RSA-DES-CBC-SHA
385  SSL_DHE_RSA_WITH_DES_CBC_SHA            DHE-RSA-DES-CBC-SHA
386  SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
387
388  SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
389  SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
390  SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
391  SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
392  SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
393
394  SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
395  SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
396  SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
397
398 =head2 TLS v1.0 cipher suites.
399
400  TLS_RSA_WITH_NULL_MD5                   NULL-MD5
401  TLS_RSA_WITH_NULL_SHA                   NULL-SHA
402  TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
403  TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
404  TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
405  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
406  TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
407  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
408  TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
409  TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
410
411  TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
412  TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
413  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
414  TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
415  TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
416  TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
417  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-DHE-DSS-DES-CBC-SHA
418  TLS_DHE_DSS_WITH_DES_CBC_SHA            DHE-DSS-CBC-SHA
419  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       DHE-DSS-DES-CBC3-SHA
420  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-DHE-RSA-DES-CBC-SHA
421  TLS_DHE_RSA_WITH_DES_CBC_SHA            DHE-RSA-DES-CBC-SHA
422  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       DHE-RSA-DES-CBC3-SHA
423
424  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
425  TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
426  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
427  TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
428  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
429
430 =head2 AES ciphersuites from RFC3268, extending TLS v1.0
431
432  TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
433  TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
434
435  TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
436  TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
437  TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
438  TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
439
440  TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
441  TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
442  TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
443  TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
444
445  TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
446  TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
447
448 =head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
449
450  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
451  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
452
453  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   DH-DSS-CAMELLIA128-SHA
454  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   DH-DSS-CAMELLIA256-SHA
455  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   DH-RSA-CAMELLIA128-SHA
456  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   DH-RSA-CAMELLIA256-SHA
457
458  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
459  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
460  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
461  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
462
463  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
464  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
465
466 =head2 SEED ciphersuites from RFC4162, extending TLS v1.0
467
468  TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
469
470  TLS_DH_DSS_WITH_SEED_CBC_SHA           DH-DSS-SEED-SHA
471  TLS_DH_RSA_WITH_SEED_CBC_SHA           DH-RSA-SEED-SHA
472
473  TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
474  TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
475
476  TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
477
478 =head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
479
480 Note: these ciphers require an engine which including GOST cryptographic
481 algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
482
483  TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
484  TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
485  TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
486  TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
487
488 =head2 Additional Export 1024 and other cipher suites
489
490 Note: these ciphers can also be used in SSL v3.
491
492  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
493  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
494  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
495  TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
496  TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
497
498 =head2 Elliptic curve cipher suites.
499
500  TLS_ECDH_RSA_WITH_NULL_SHA              ECDH-RSA-NULL-SHA
501  TLS_ECDH_RSA_WITH_RC4_128_SHA           ECDH-RSA-RC4-SHA
502  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      ECDH-RSA-DES-CBC3-SHA
503  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       ECDH-RSA-AES128-SHA
504  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       ECDH-RSA-AES256-SHA
505  
506  TLS_ECDH_ECDSA_WITH_NULL_SHA            ECDH-ECDSA-NULL-SHA
507  TLS_ECDH_ECDSA_WITH_RC4_128_SHA         ECDH-ECDSA-RC4-SHA
508  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    ECDH-ECDSA-DES-CBC3-SHA
509  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     ECDH-ECDSA-AES128-SHA
510  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     ECDH-ECDSA-AES256-SHA
511  
512  TLS_ECDHE_RSA_WITH_NULL_SHA             ECDHE-RSA-NULL-SHA
513  TLS_ECDHE_RSA_WITH_RC4_128_SHA          ECDHE-RSA-RC4-SHA
514  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     ECDHE-RSA-DES-CBC3-SHA
515  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      ECDHE-RSA-AES128-SHA
516  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      ECDHE-RSA-AES256-SHA
517  
518  TLS_ECDHE_ECDSA_WITH_NULL_SHA           ECDHE-ECDSA-NULL-SHA
519  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        ECDHE-ECDSA-RC4-SHA
520  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   ECDHE-ECDSA-DES-CBC3-SHA
521  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    ECDHE-ECDSA-AES128-SHA
522  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    ECDHE-ECDSA-AES256-SHA
523  
524  TLS_ECDH_anon_WITH_NULL_SHA             AECDH-NULL-SHA
525  TLS_ECDH_anon_WITH_RC4_128_SHA          AECDH-RC4-SHA
526  TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     AECDH-DES-CBC3-SHA
527  TLS_ECDH_anon_WITH_AES_128_CBC_SHA      AECDH-AES128-SHA
528  TLS_ECDH_anon_WITH_AES_256_CBC_SHA      AECDH-AES256-SHA
529
530 =head2 TLS v1.2 cipher suites
531
532  TLS_RSA_WITH_NULL_SHA256                  NULL-SHA256
533
534  TLS_RSA_WITH_AES_128_CBC_SHA256           AES128-SHA256
535  TLS_RSA_WITH_AES_256_CBC_SHA256           AES256-SHA256
536  TLS_RSA_WITH_AES_128_GCM_SHA256           AES128-GCM-SHA256
537  TLS_RSA_WITH_AES_256_GCM_SHA384           AES256-GCM-SHA384
538
539  TLS_DH_RSA_WITH_AES_128_CBC_SHA256        DH-RSA-AES128-SHA256
540  TLS_DH_RSA_WITH_AES_256_CBC_SHA256        DH-RSA-AES256-SHA256
541  TLS_DH_RSA_WITH_AES_128_GCM_SHA256        DH-RSA-AES128-GCM-SHA256
542  TLS_DH_RSA_WITH_AES_256_GCM_SHA384        DH-RSA-AES256-GCM-SHA384
543
544  TLS_DH_DSS_WITH_AES_128_CBC_SHA256        DH-DSS-AES128-SHA256
545  TLS_DH_DSS_WITH_AES_256_CBC_SHA256        DH-DSS-AES256-SHA256
546  TLS_DH_DSS_WITH_AES_128_GCM_SHA256        DH-DSS-AES128-GCM-SHA256
547  TLS_DH_DSS_WITH_AES_256_GCM_SHA384        DH-DSS-AES256-GCM-SHA384
548
549  TLS_DHE_RSA_WITH_AES_128_CBC_SHA256       DHE-RSA-AES128-SHA256
550  TLS_DHE_RSA_WITH_AES_256_CBC_SHA256       DHE-RSA-AES256-SHA256
551  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256       DHE-RSA-AES128-GCM-SHA256
552  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384       DHE-RSA-AES256-GCM-SHA384
553
554  TLS_DHE_DSS_WITH_AES_128_CBC_SHA256       DHE-DSS-AES128-SHA256
555  TLS_DHE_DSS_WITH_AES_256_CBC_SHA256       DHE-DSS-AES256-SHA256
556  TLS_DHE_DSS_WITH_AES_128_GCM_SHA256       DHE-DSS-AES128-GCM-SHA256
557  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384       DHE-DSS-AES256-GCM-SHA384
558
559  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256      ECDH-RSA-AES128-SHA256
560  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384      ECDH-RSA-AES256-SHA384
561  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256      ECDH-RSA-AES128-GCM-SHA256
562  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384      ECDH-RSA-AES256-GCM-SHA384
563
564  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256    ECDH-ECDSA-AES128-SHA256
565  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384    ECDH-ECDSA-AES256-SHA384
566  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256    ECDH-ECDSA-AES128-GCM-SHA256
567  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384    ECDH-ECDSA-AES256-GCM-SHA384
568
569  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256     ECDHE-RSA-AES128-SHA256
570  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384     ECDHE-RSA-AES256-SHA384
571  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256     ECDHE-RSA-AES128-GCM-SHA256
572  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384     ECDHE-RSA-AES256-GCM-SHA384
573
574  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256   ECDHE-ECDSA-AES128-SHA256
575  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384   ECDHE-ECDSA-AES256-SHA384
576  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256   ECDHE-ECDSA-AES128-GCM-SHA256
577  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384   ECDHE-ECDSA-AES256-GCM-SHA384
578
579  TLS_DH_anon_WITH_AES_128_CBC_SHA256       ADH-AES128-SHA256
580  TLS_DH_anon_WITH_AES_256_CBC_SHA256       ADH-AES256-SHA256
581  TLS_DH_anon_WITH_AES_128_GCM_SHA256       ADH-AES128-GCM-SHA256
582  TLS_DH_anon_WITH_AES_256_GCM_SHA384       ADH-AES256-GCM-SHA384
583
584 =head2 Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2
585
586  TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
587  TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
588  TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  ECDH-ECDSA-CAMELLIA128-SHA256
589  TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  ECDH-ECDSA-CAMELLIA256-SHA384
590  TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
591  TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
592  TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    ECDH-RSA-CAMELLIA128-SHA256
593  TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    ECDH-RSA-CAMELLIA256-SHA384
594
595 =head2 Pre shared keying (PSK) ciphersuites
596
597  PSK_WITH_NULL_SHA                         PSK-NULL-SHA
598  DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
599  RSA_PSK_WITH_NULL_SHA                     RSA-PSK-NULL-SHA
600
601  PSK_WITH_RC4_128_SHA                      PSK-RC4-SHA
602  PSK_WITH_3DES_EDE_CBC_SHA                 PSK-3DES-EDE-CBC-SHA
603  PSK_WITH_AES_128_CBC_SHA                  PSK-AES128-CBC-SHA
604  PSK_WITH_AES_256_CBC_SHA                  PSK-AES256-CBC-SHA
605
606  DHE_PSK_WITH_RC4_128_SHA                  DHE-PSK-RC4-SHA
607  DHE_PSK_WITH_3DES_EDE_CBC_SHA             DHE-PSK-3DES-EDE-CBC-SHA
608  DHE_PSK_WITH_AES_128_CBC_SHA              DHE-PSK-AES128-CBC-SHA
609  DHE_PSK_WITH_AES_256_CBC_SHA              DHE-PSK-AES256-CBC-SHA
610
611  RSA_PSK_WITH_RC4_128_SHA                  RSA-PSK-RC4-SHA
612  RSA_PSK_WITH_3DES_EDE_CBC_SHA             RSA-PSK-3DES-EDE-CBC-SHA
613  RSA_PSK_WITH_AES_128_CBC_SHA              RSA-PSK-AES128-CBC-SHA
614  RSA_PSK_WITH_AES_256_CBC_SHA              RSA-PSK-AES256-CBC-SHA
615
616  PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
617  PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
618  DHE_PSK_WITH_AES_128_GCM_SHA256           DHE-PSK-AES128-GCM-SHA256
619  DHE_PSK_WITH_AES_256_GCM_SHA384           DHE-PSK-AES256-GCM-SHA384
620  RSA_PSK_WITH_AES_128_GCM_SHA256           RSA-PSK-AES128-GCM-SHA256
621  RSA_PSK_WITH_AES_256_GCM_SHA384           RSA-PSK-AES256-GCM-SHA384
622
623  PSK_WITH_AES_128_CBC_SHA256               PSK-AES128-CBC-SHA256
624  PSK_WITH_AES_256_CBC_SHA384               PSK-AES256-CBC-SHA384
625  PSK_WITH_NULL_SHA256                      PSK-NULL-SHA256
626  PSK_WITH_NULL_SHA384                      PSK-NULL-SHA384
627  DHE_PSK_WITH_AES_128_CBC_SHA256           DHE-PSK-AES128-CBC-SHA256
628  DHE_PSK_WITH_AES_256_CBC_SHA384           DHE-PSK-AES256-CBC-SHA384
629  DHE_PSK_WITH_NULL_SHA256                  DHE-PSK-NULL-SHA256
630  DHE_PSK_WITH_NULL_SHA384                  DHE-PSK-NULL-SHA384
631  RSA_PSK_WITH_AES_128_CBC_SHA256           RSA-PSK-AES128-CBC-SHA256
632  RSA_PSK_WITH_AES_256_CBC_SHA384           RSA-PSK-AES256-CBC-SHA384
633  RSA_PSK_WITH_NULL_SHA256                  RSA-PSK-NULL-SHA256
634  RSA_PSK_WITH_NULL_SHA384                  RSA-PSK-NULL-SHA384
635  PSK_WITH_AES_128_GCM_SHA256               PSK-AES128-GCM-SHA256
636  PSK_WITH_AES_256_GCM_SHA384               PSK-AES256-GCM-SHA384
637
638  ECDHE_PSK_WITH_RC4_128_SHA                ECDHE-PSK-RC4-SHA
639  ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           ECDHE-PSK-3DES-EDE-CBC-SHA
640  ECDHE_PSK_WITH_AES_128_CBC_SHA            ECDHE-PSK-AES128-CBC-SHA
641  ECDHE_PSK_WITH_AES_256_CBC_SHA            ECDHE-PSK-AES256-CBC-SHA
642  ECDHE_PSK_WITH_AES_128_CBC_SHA256         ECDHE-PSK-AES128-CBC-SHA256
643  ECDHE_PSK_WITH_AES_256_CBC_SHA384         ECDHE-PSK-AES256-CBC-SHA384
644  ECDHE_PSK_WITH_NULL_SHA                   ECDHE-PSK-NULL-SHA
645  ECDHE_PSK_WITH_NULL_SHA256                ECDHE-PSK-NULL-SHA256
646  ECDHE_PSK_WITH_NULL_SHA384                ECDHE-PSK-NULL-SHA384
647
648 =head1 NOTES
649
650 Some compiled versions of OpenSSL may not include all the ciphers
651 listed here because some ciphers were excluded at compile time.
652
653 =head1 EXAMPLES
654
655 Verbose listing of all OpenSSL ciphers including NULL ciphers:
656
657  openssl ciphers -v 'ALL:eNULL'
658
659 Include all ciphers except NULL and anonymous DH then sort by
660 strength:
661
662  openssl ciphers -v 'ALL:!ADH:@STRENGTH'
663
664 Include all ciphers except ones with no encryption (eNULL) or no
665 authentication (aNULL):
666
667  openssl ciphers -v 'ALL:!aNULL'
668
669 Include only 3DES ciphers and then place RSA ciphers last:
670
671  openssl ciphers -v '3DES:+RSA'
672
673 Include all RC4 ciphers but leave out those without authentication:
674
675  openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
676
677 Include all ciphers with RSA authentication but leave out ciphers without
678 encryption.
679
680  openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
681
682 Set security level to 2 and display all ciphers consistent with level 2:
683
684  openssl ciphers -s -v 'ALL:@SECLEVEL=2'
685
686 =head1 SEE ALSO
687
688 L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
689
690 =head1 HISTORY
691
692 The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
693 for cipherlist strings were added in OpenSSL 0.9.7.
694 The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
695
696 =cut