1=pod
2
3=head1 NAME
4
5ciphers - SSL cipher display and cipher list tool.
6
7=head1 SYNOPSIS
8
9B<openssl> B<ciphers>
10[B<-v>]
11[B<-V>]
12[B<-ssl2>]
13[B<-ssl3>]
14[B<-tls1>]
15[B<cipherlist>]
16
17=head1 DESCRIPTION
18
19The B<ciphers> command converts textual OpenSSL cipher lists into ordered
20SSL cipher preference lists. It can be used as a test tool to determine
21the appropriate cipherlist.
22
23=head1 COMMAND OPTIONS
24
25=over 4
26
27=item B<-v>
28
29Verbose option. List ciphers with a complete description of
30protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
31authentication, encryption and mac algorithms used along with any key size
32restrictions and whether the algorithm is classed as an "export" cipher.
33Note that without the B<-v> option, ciphers may seem to appear twice
34in a cipher list; this is when similar ciphers are available for
35SSL v2 and for SSL v3/TLS v1.
36
37=item B<-V>
38
39Like B<-V>, but include cipher suite codes in output (hex format).
40
41=item B<-ssl3>
42
43only include SSL v3 ciphers.
44
45=item B<-ssl2>
46
47only include SSL v2 ciphers.
48
49=item B<-tls1>
50
51only include TLS v1 ciphers.
52
53=item B<-h>, B<-?>
54
55print a brief usage message.
56
57=item B<cipherlist>
58
59a cipher list to convert to a cipher preference list. If it is not included
60then the default cipher list will be used. The format is described below.
61
62=back
63
64=head1 CIPHER LIST FORMAT
65
66The cipher list consists of one or more I<cipher strings> separated by colons.
67Commas or spaces are also acceptable separators but colons are normally used.
68
69The actual cipher string can take several different forms.
70
71It can consist of a single cipher suite such as B<RC4-SHA>.
72
73It can represent a list of cipher suites containing a certain algorithm, or
74cipher suites of a certain type. For example B<SHA1> represents all ciphers
75suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
76algorithms.
77
78Lists of cipher suites can be combined in a single cipher string using the
79B<+> character. This is used as a logical B<and> operation. For example
80B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
81algorithms.
82
83Each cipher string can be optionally preceded by the characters B<!>,
84B<-> or B<+>.
85
86If B<!> is used then the ciphers are permanently deleted from the list.
87The ciphers deleted can never reappear in the list even if they are
88explicitly stated.
89
90If B<-> is used then the ciphers are deleted from the list, but some or
91all of the ciphers can be added again by later options.
92
93If B<+> is used then the ciphers are moved to the end of the list. This
94option doesn't add any new ciphers it just moves matching existing ones.
95
96If none of these characters is present then the string is just interpreted
97as a list of ciphers to be appended to the current preference list. If the
98list includes any ciphers already present they will be ignored: that is they
99will not moved to the end of the list.
100
101Additionally the cipher string B<@STRENGTH> can be used at any point to sort
102the current cipher list in order of encryption algorithm key length.
103
104=head1 CIPHER STRINGS
105
106The following is a list of all permitted cipher strings and their meanings.
107
108=over 4
109
110=item B<DEFAULT>
111
112the default cipher list. This is determined at compile time and, as of OpenSSL
1131.0.0, is normally B<ALL:!aNULL:!eNULL>. This must be the first cipher string
114specified.
115
116=item B<COMPLEMENTOFDEFAULT>
117
118the ciphers included in B<ALL>, but not enabled by default. Currently
119this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
120not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
121
122=item B<ALL>
123
124all cipher suites except the B<eNULL> ciphers which must be explicitly enabled;
125as of OpenSSL, the B<ALL> cipher suites are reasonably ordered by default
126
127=item B<COMPLEMENTOFALL>
128
129the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
130
131=item B<HIGH>
132
133"high" encryption cipher suites. This currently means those with key lengths larger
134than 128 bits, and some cipher suites with 128-bit keys.
135
136=item B<MEDIUM>
137
138"medium" encryption cipher suites, currently some of those using 128 bit encryption.
139
140=item B<LOW>
141
142"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
143but excluding export cipher suites.
144
145=item B<EXP>, B<EXPORT>
146
147export encryption algorithms. Including 40 and 56 bits algorithms.
148
149=item B<EXPORT40>
150
15140 bit export encryption algorithms
152
153=item B<EXPORT56>
154
15556 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
15656 bit export ciphers is empty unless OpenSSL has been explicitly configured
157with support for experimental ciphers.
158
159=item B<eNULL>, B<NULL>
160
161the "NULL" ciphers that is those offering no encryption. Because these offer no
162encryption at all and are a security risk they are disabled unless explicitly
163included.
164
165=item B<aNULL>
166
167the cipher suites offering no authentication. This is currently the anonymous
168DH algorithms. These cipher suites are vulnerable to a "man in the middle"
169attack and so their use is normally discouraged.
170
171=item B<kRSA>, B<RSA>
172
173cipher suites using RSA key exchange.
174
175=item B<kEDH>
176
177cipher suites using ephemeral DH key agreement.
178
179=item B<kDHr>, B<kDHd>
180
181cipher suites using DH key agreement and DH certificates signed by CAs with RSA
182and DSS keys respectively. Not implemented.
183
184=item B<aRSA>
185
186cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
187
188=item B<aDSS>, B<DSS>
189
190cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
191
192=item B<aDH>
193
194cipher suites effectively using DH authentication, i.e. the certificates carry
195DH keys.  Not implemented.
196
197=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
198
199ciphers suites using FORTEZZA key exchange, authentication, encryption or all
200FORTEZZA algorithms. Not implemented.
201
202=item B<TLSv1>, B<SSLv3>, B<SSLv2>
203
204TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
205
206=item B<DH>
207
208cipher suites using DH, including anonymous DH.
209
210=item B<ADH>
211
212anonymous DH cipher suites.
213
214=item B<AES>
215
216cipher suites using AES.
217
218=item B<CAMELLIA>
219
220cipher suites using Camellia.
221
222=item B<3DES>
223
224cipher suites using triple DES.
225
226=item B<DES>
227
228cipher suites using DES (not triple DES).
229
230=item B<RC4>
231
232cipher suites using RC4.
233
234=item B<RC2>
235
236cipher suites using RC2.
237
238=item B<IDEA>
239
240cipher suites using IDEA.
241
242=item B<SEED>
243
244cipher suites using SEED.
245
246=item B<MD5>
247
248cipher suites using MD5.
249
250=item B<SHA1>, B<SHA>
251
252cipher suites using SHA1.
253
254=item B<aGOST> 
255
256cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
257(needs an engine supporting GOST algorithms). 
258
259=item B<aGOST01>
260
261cipher suites using GOST R 34.10-2001 authentication.
262
263=item B<aGOST94>
264
265cipher suites using GOST R 34.10-94 authentication (note that R 34.10-94
266standard has been expired so use GOST R 34.10-2001)
267
268=item B<kGOST>
269
270cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
271
272=item B<GOST94>
273
274cipher suites, using HMAC based on GOST R 34.11-94.
275
276=item B<GOST89MAC>
277
278cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
279
280
281=back
282
283=head1 CIPHER SUITE NAMES
284
285The following lists give the SSL or TLS cipher suites names from the
286relevant specification and their OpenSSL equivalents. It should be noted,
287that several cipher suite names do not include the authentication used,
288e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
289
290=head2 SSL v3.0 cipher suites.
291
292 SSL_RSA_WITH_NULL_MD5                   NULL-MD5
293 SSL_RSA_WITH_NULL_SHA                   NULL-SHA
294 SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
295 SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
296 SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
297 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
298 SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
299 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
300 SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
301 SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
302
303 SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
304 SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
305 SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
306 SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
307 SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
308 SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
309 SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
310 SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
311 SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
312 SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
313 SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
314 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
315
316 SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
317 SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
318 SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
319 SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
320 SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
321
322 SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
323 SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
324 SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
325
326=head2 TLS v1.0 cipher suites.
327
328 TLS_RSA_WITH_NULL_MD5                   NULL-MD5
329 TLS_RSA_WITH_NULL_SHA                   NULL-SHA
330 TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
331 TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
332 TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
333 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
334 TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
335 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
336 TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
337 TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
338
339 TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
340 TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
341 TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
342 TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
343 TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
344 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
345 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
346 TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
347 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
348 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
349 TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
350 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
351
352 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
353 TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
354 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
355 TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
356 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
357
358=head2 AES ciphersuites from RFC3268, extending TLS v1.0
359
360 TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
361 TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
362
363 TLS_DH_DSS_WITH_AES_128_CBC_SHA         Not implemented.
364 TLS_DH_DSS_WITH_AES_256_CBC_SHA         Not implemented.
365 TLS_DH_RSA_WITH_AES_128_CBC_SHA         Not implemented.
366 TLS_DH_RSA_WITH_AES_256_CBC_SHA         Not implemented.
367
368 TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
369 TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
370 TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
371 TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
372
373 TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
374 TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
375
376=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
377
378 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA      CAMELLIA128-SHA
379 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA      CAMELLIA256-SHA
380
381 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
382 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
383 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA   Not implemented.
384 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA   Not implemented.
385
386 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA  DHE-DSS-CAMELLIA128-SHA
387 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA  DHE-DSS-CAMELLIA256-SHA
388 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA  DHE-RSA-CAMELLIA128-SHA
389 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA  DHE-RSA-CAMELLIA256-SHA
390
391 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA  ADH-CAMELLIA128-SHA
392 TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA  ADH-CAMELLIA256-SHA
393
394=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
395
396 TLS_RSA_WITH_SEED_CBC_SHA              SEED-SHA
397
398 TLS_DH_DSS_WITH_SEED_CBC_SHA           Not implemented.
399 TLS_DH_RSA_WITH_SEED_CBC_SHA           Not implemented.
400
401 TLS_DHE_DSS_WITH_SEED_CBC_SHA          DHE-DSS-SEED-SHA
402 TLS_DHE_RSA_WITH_SEED_CBC_SHA          DHE-RSA-SEED-SHA
403
404 TLS_DH_anon_WITH_SEED_CBC_SHA          ADH-SEED-SHA
405
406=head2 GOST ciphersuites from draft-chudov-cryptopro-cptls, extending TLS v1.0
407
408Note: these ciphers require an engine which including GOST cryptographic
409algorithms, such as the B<ccgost> engine, included in the OpenSSL distribution.
410
411 TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
412 TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
413 TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
414 TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
415
416=head2 Additional Export 1024 and other cipher suites
417
418Note: these ciphers can also be used in SSL v3.
419
420 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
421 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
422 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
423 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
424 TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
425
426=head2 SSL v2.0 cipher suites.
427
428 SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
429 SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
430 SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
431 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
432 SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
433 SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
434 SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5
435
436=head1 NOTES
437
438The non-ephemeral DH modes are currently unimplemented in OpenSSL
439because there is no support for DH certificates.
440
441Some compiled versions of OpenSSL may not include all the ciphers
442listed here because some ciphers were excluded at compile time.
443
444=head1 EXAMPLES
445
446Verbose listing of all OpenSSL ciphers including NULL ciphers:
447
448 openssl ciphers -v 'ALL:eNULL'
449
450Include all ciphers except NULL and anonymous DH then sort by
451strength:
452
453 openssl ciphers -v 'ALL:!ADH:@STRENGTH'
454
455Include only 3DES ciphers and then place RSA ciphers last:
456
457 openssl ciphers -v '3DES:+RSA'
458
459Include all RC4 ciphers but leave out those without authentication:
460
461 openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
462
463Include all chiphers with RSA authentication but leave out ciphers without
464encryption.
465
466 openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
467
468=head1 SEE ALSO
469
470L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
471
472=head1 HISTORY
473
474The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options
475for cipherlist strings were added in OpenSSL 0.9.7.
476The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
477
478=cut
479