ciphers.pod revision 109998
1177366Sjkoshy=pod 2164190Sjkoshy 3164190Sjkoshy=head1 NAME 4164190Sjkoshy 5164190Sjkoshyciphers - SSL cipher display and cipher list tool. 6164190Sjkoshy 7164190Sjkoshy=head1 SYNOPSIS 8164190Sjkoshy 9164190SjkoshyB<openssl> B<ciphers> 10164190Sjkoshy[B<-v>] 11164190Sjkoshy[B<-ssl2>] 12164190Sjkoshy[B<-ssl3>] 13164190Sjkoshy[B<-tls1>] 14164190Sjkoshy[B<cipherlist>] 15164190Sjkoshy 16164190Sjkoshy=head1 DESCRIPTION 17164190Sjkoshy 18164190SjkoshyThe B<cipherlist> command converts OpenSSL cipher lists into ordered 19164190SjkoshySSL cipher preference lists. It can be used as a test tool to determine 20164190Sjkoshythe appropriate cipherlist. 21164190Sjkoshy 22164190Sjkoshy=head1 COMMAND OPTIONS 23164190Sjkoshy 24164190Sjkoshy=over 4 25164190Sjkoshy 26177366Sjkoshy=item B<-v> 27206622Suqs 28164190Sjkoshyverbose option. List ciphers with a complete description of 29164190Sjkoshyprotocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, 30164190Sjkoshyauthentication, encryption and mac algorithms used along with any key size 31164190Sjkoshyrestrictions and whether the algorithm is classed as an "export" cipher. 32164190SjkoshyNote that without the B<-v> option, ciphers may seem to appear twice 33164190Sjkoshyin a cipher list; this is when similar ciphers are available for 34164190SjkoshySSL v2 and for SSL v3/TLS v1. 35164190Sjkoshy 36164190Sjkoshy=item B<-ssl3> 37164190Sjkoshy 38164190Sjkoshyonly include SSL v3 ciphers. 39164190Sjkoshy 40164190Sjkoshy=item B<-ssl2> 41164190Sjkoshy 42164253Sruonly include SSL v2 ciphers. 43164190Sjkoshy 44164190Sjkoshy=item B<-tls1> 45164190Sjkoshy 46164190Sjkoshyonly include TLS v1 ciphers. 47164190Sjkoshy 48164190Sjkoshy=item B<-h>, B<-?> 49164190Sjkoshy 50164190Sjkoshyprint a brief usage message. 51164190Sjkoshy 52164190Sjkoshy=item B<cipherlist> 53164190Sjkoshy 54164190Sjkoshya cipher list to convert to a cipher preference list. If it is not included 55164190Sjkoshythen the default cipher list will be used. The format is described below. 56164190Sjkoshy 57164190Sjkoshy=back 58164190Sjkoshy 59164190Sjkoshy=head1 CIPHER LIST FORMAT 60164190Sjkoshy 61164190SjkoshyThe cipher list consists of one or more I<cipher strings> separated by colons. 62164190SjkoshyCommas or spaces are also acceptable separators but colons are normally used. 63164190Sjkoshy 64164190SjkoshyThe actual cipher string can take several different forms. 65164190Sjkoshy 66172861SjkoshyIt can consist of a single cipher suite such as B<RC4-SHA>. 67164190Sjkoshy 68164190SjkoshyIt can represent a list of cipher suites containing a certain algorithm, or 69226436Seadlercipher suites of a certain type. For example B<SHA1> represents all ciphers 70164190Sjkoshysuites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3 71164190Sjkoshyalgorithms. 72164190Sjkoshy 73164190SjkoshyLists of cipher suites can be combined in a single cipher string using the 74164190SjkoshyB<+> character. This is used as a logical B<and> operation. For example 75164190SjkoshyB<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES 76164190Sjkoshyalgorithms. 77164190Sjkoshy 78164190SjkoshyEach cipher string can be optionally preceded by the characters B<!>, 79164190SjkoshyB<-> or B<+>. 80164190Sjkoshy 81164190SjkoshyIf B<!> is used then the ciphers are permanently deleted from the list. 82164190SjkoshyThe ciphers deleted can never reappear in the list even if they are 83164190Sjkoshyexplicitly stated. 84164190Sjkoshy 85164190SjkoshyIf B<-> is used then the ciphers are deleted from the list, but some or 86164190Sjkoshyall of the ciphers can be added again by later options. 87164190Sjkoshy 88164190SjkoshyIf B<+> is used then the ciphers are moved to the end of the list. This 89164190Sjkoshyoption doesn't add any new ciphers it just moves matching existing ones. 90164190Sjkoshy 91164190SjkoshyIf none of these characters is present then the string is just interpreted 92164190Sjkoshyas a list of ciphers to be appended to the current preference list. If the 93164190Sjkoshylist includes any ciphers already present they will be ignored: that is they 94164190Sjkoshywill not moved to the end of the list. 95164190Sjkoshy 96164190SjkoshyAdditionally the cipher string B<@STRENGTH> can be used at any point to sort 97164190Sjkoshythe current cipher list in order of encryption algorithm key length. 98164190Sjkoshy 99164190Sjkoshy=head1 CIPHER STRINGS 100164190Sjkoshy 101164190SjkoshyThe following is a list of all permitted cipher strings and their meanings. 102164190Sjkoshy 103164190Sjkoshy=over 4 104164190Sjkoshy 105164190Sjkoshy=item B<DEFAULT> 106164190Sjkoshy 107164190Sjkoshythe default cipher list. This is determined at compile time and is normally 108164190SjkoshyB<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string 109164190Sjkoshyspecified. 110164190Sjkoshy 111164190Sjkoshy=item B<COMPLEMENTOFDEFAULT> 112164190Sjkoshy 113164190Sjkoshythe ciphers included in B<ALL>, but not enabled by default. Currently 114164190Sjkoshythis is B<ADH>. Note that this rule does not cover B<eNULL>, which is 115164190Sjkoshynot included by B<ALL> (use B<COMPLEMENTOFALL> if necessary). 116164190Sjkoshy 117164190Sjkoshy=item B<ALL> 118164190Sjkoshy 119164190Sjkoshyall ciphers suites except the B<eNULL> ciphers which must be explicitly enabled. 120164190Sjkoshy 121164190Sjkoshy=item B<COMPLEMENTOFALL> 122164190Sjkoshy 123164190Sjkoshythe cipher suites not enabled by B<ALL>, currently being B<eNULL>. 124164190Sjkoshy 125164190Sjkoshy=item B<HIGH> 126164190Sjkoshy 127164190Sjkoshy"high" encryption cipher suites. This currently means those with key lengths larger 128164190Sjkoshythan 128 bits. 129164190Sjkoshy 130164190Sjkoshy=item B<MEDIUM> 131164190Sjkoshy 132164190Sjkoshy"medium" encryption cipher suites, currently those using 128 bit encryption. 133164190Sjkoshy 134164190Sjkoshy=item B<LOW> 135177366Sjkoshy 136177366Sjkoshy"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms 137164190Sjkoshybut excluding export cipher suites. 138164190Sjkoshy 139164190Sjkoshy=item B<EXP>, B<EXPORT> 140164190Sjkoshy 141164190Sjkoshyexport encryption algorithms. Including 40 and 56 bits algorithms. 142164190Sjkoshy 143164190Sjkoshy=item B<EXPORT40> 144164190Sjkoshy 145164190Sjkoshy40 bit export encryption algorithms 146164190Sjkoshy 147164190Sjkoshy=item B<EXPORT56> 148164190Sjkoshy 149164190Sjkoshy56 bit export encryption algorithms. 150164190Sjkoshy 151164190Sjkoshy=item B<eNULL>, B<NULL> 152164190Sjkoshy 153164190Sjkoshythe "NULL" ciphers that is those offering no encryption. Because these offer no 154164190Sjkoshyencryption at all and are a security risk they are disabled unless explicitly 155164190Sjkoshyincluded. 156164190Sjkoshy 157164190Sjkoshy=item B<aNULL> 158164190Sjkoshy 159164190Sjkoshythe cipher suites offering no authentication. This is currently the anonymous 160164190SjkoshyDH algorithms. These cipher suites are vulnerable to a "man in the middle" 161164190Sjkoshyattack and so their use is normally discouraged. 162164190Sjkoshy 163164190Sjkoshy=item B<kRSA>, B<RSA> 164164190Sjkoshy 165164190Sjkoshycipher suites using RSA key exchange. 166164190Sjkoshy 167164190Sjkoshy=item B<kEDH> 168164190Sjkoshy 169164190Sjkoshycipher suites using ephemeral DH key agreement. 170164190Sjkoshy 171164190Sjkoshy=item B<kDHr>, B<kDHd> 172164190Sjkoshy 173164190Sjkoshycipher suites using DH key agreement and DH certificates signed by CAs with RSA 174164190Sjkoshyand DSS keys respectively. Not implemented. 175164190Sjkoshy 176164190Sjkoshy=item B<aRSA> 177164190Sjkoshy 178164190Sjkoshycipher suites using RSA authentication, i.e. the certificates carry RSA keys. 179164190Sjkoshy 180164190Sjkoshy=item B<aDSS>, B<DSS> 181164190Sjkoshy 182164190Sjkoshycipher suites using DSS authentication, i.e. the certificates carry DSS keys. 183164190Sjkoshy 184164190Sjkoshy=item B<aDH> 185164190Sjkoshy 186164190Sjkoshycipher suites effectively using DH authentication, i.e. the certificates carry 187164190SjkoshyDH keys. Not implemented. 188164190Sjkoshy 189164190Sjkoshy=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA> 190164190Sjkoshy 191164190Sjkoshyciphers suites using FORTEZZA key exchange, authentication, encryption or all 192164190SjkoshyFORTEZZA algorithms. Not implemented. 193164190Sjkoshy 194164190Sjkoshy=item B<TLSv1>, B<SSLv3>, B<SSLv2> 195164190Sjkoshy 196164190SjkoshyTLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. 197164190Sjkoshy 198164190Sjkoshy=item B<DH> 199164190Sjkoshy 200164190Sjkoshycipher suites using DH, including anonymous DH. 201164190Sjkoshy 202164190Sjkoshy=item B<ADH> 203164190Sjkoshy 204164190Sjkoshyanonymous DH cipher suites. 205164190Sjkoshy 206164190Sjkoshy=item B<AES> 207164190Sjkoshy 208164190Sjkoshycipher suites using AES. 209164190Sjkoshy 210164190Sjkoshy=item B<3DES> 211164190Sjkoshy 212164190Sjkoshycipher suites using triple DES. 213164190Sjkoshy 214164190Sjkoshy=item B<DES> 215164190Sjkoshy 216164190Sjkoshycipher suites using DES (not triple DES). 217164190Sjkoshy 218164190Sjkoshy=item B<RC4> 219164190Sjkoshy 220164190Sjkoshycipher suites using RC4. 221164190Sjkoshy 222164190Sjkoshy=item B<RC2> 223164190Sjkoshy 224164190Sjkoshycipher suites using RC2. 225164190Sjkoshy 226164190Sjkoshy=item B<IDEA> 227164190Sjkoshy 228164190Sjkoshycipher suites using IDEA. 229164190Sjkoshy 230164190Sjkoshy=item B<MD5> 231172088Sjkoshy 232172088Sjkoshycipher suites using MD5. 233172088Sjkoshy 234172088Sjkoshy=item B<SHA1>, B<SHA> 235172088Sjkoshy 236164190Sjkoshycipher suites using SHA1. 237164190Sjkoshy 238164190Sjkoshy=back 239164190Sjkoshy 240164190Sjkoshy=head1 CIPHER SUITE NAMES 241164190Sjkoshy 242164190SjkoshyThe following lists give the SSL or TLS cipher suites names from the 243164190Sjkoshyrelevant specification and their OpenSSL equivalents. It should be noted, 244164190Sjkoshythat several cipher suite names do not include the authentication used, 245165536Sjkoshye.g. DES-CBC3-SHA. In these cases, RSA authentication is used. 246165536Sjkoshy 247165536Sjkoshy=head2 SSL v3.0 cipher suites. 248165536Sjkoshy 249164190Sjkoshy SSL_RSA_WITH_NULL_MD5 NULL-MD5 250164190Sjkoshy SSL_RSA_WITH_NULL_SHA NULL-SHA 251164190Sjkoshy SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 252164190Sjkoshy SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 253164190Sjkoshy SSL_RSA_WITH_RC4_128_SHA RC4-SHA 254164190Sjkoshy SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 255164190Sjkoshy SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA 256164190Sjkoshy SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA 257164190Sjkoshy SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA 258164190Sjkoshy SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA 259164190Sjkoshy 260164190Sjkoshy SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. 261164190Sjkoshy SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. 262164190Sjkoshy SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. 263164190Sjkoshy SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. 264164190Sjkoshy SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. 265164190Sjkoshy SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 266164190Sjkoshy SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA 267164190Sjkoshy SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA 268164190Sjkoshy SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA 269164190Sjkoshy SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA 270164190Sjkoshy SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA 271164190Sjkoshy SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA 272164190Sjkoshy 273164190Sjkoshy SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 274164253Sru SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 275164253Sru SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA 276164253Sru SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA 277164253Sru SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA 278164253Sru 279164253Sru SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. 280164253Sru SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. 281164253Sru SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. 282164253Sru 283164190Sjkoshy=head2 TLS v1.0 cipher suites. 284164190Sjkoshy 285164190Sjkoshy TLS_RSA_WITH_NULL_MD5 NULL-MD5 286164190Sjkoshy TLS_RSA_WITH_NULL_SHA NULL-SHA 287 TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 288 TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 289 TLS_RSA_WITH_RC4_128_SHA RC4-SHA 290 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 291 TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA 292 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA 293 TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA 294 TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA 295 296 TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. 297 TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. 298 TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. 299 TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. 300 TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. 301 TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 302 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA 303 TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA 304 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA 305 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA 306 TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA 307 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA 308 309 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 310 TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 311 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA 312 TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA 313 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA 314 315=head2 AES ciphersuites from RFC3268, extending TLS v1.0 316 317 TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA 318 TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA 319 320 TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA 321 TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA 322 TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA 323 TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA 324 325 TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA 326 TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA 327 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA 328 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA 329 330 TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA 331 TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA 332 333=head2 Additional Export 1024 and other cipher suites 334 335Note: these ciphers can also be used in SSL v3. 336 337 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA 338 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA 339 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA 340 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA 341 TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA 342 343=head2 SSL v2.0 cipher suites. 344 345 SSL_CK_RC4_128_WITH_MD5 RC4-MD5 346 SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 347 SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 348 SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 349 SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 350 SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 351 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 352 353=head1 NOTES 354 355The non-ephemeral DH modes are currently unimplemented in OpenSSL 356because there is no support for DH certificates. 357 358Some compiled versions of OpenSSL may not include all the ciphers 359listed here because some ciphers were excluded at compile time. 360 361=head1 EXAMPLES 362 363Verbose listing of all OpenSSL ciphers including NULL ciphers: 364 365 openssl ciphers -v 'ALL:eNULL' 366 367Include all ciphers except NULL and anonymous DH then sort by 368strength: 369 370 openssl ciphers -v 'ALL:!ADH:@STRENGTH' 371 372Include only 3DES ciphers and then place RSA ciphers last: 373 374 openssl ciphers -v '3DES:+RSA' 375 376Include all RC4 ciphers but leave out those without authentication: 377 378 openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' 379 380Include all chiphers with RSA authentication but leave out ciphers without 381encryption. 382 383 openssl ciphers -v 'RSA:!COMPLEMENTOFALL' 384 385=head1 SEE ALSO 386 387L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)> 388 389=head1 HISTORY 390 391The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were 392added in version 0.9.7. 393 394=cut 395