openssl - OpenSSL command line tool
openssl command [command_opts] [command_args]
openssl [list-standard-commands |
openssl no-XXX [arbitrary options]
OpenSSL is a cryptography toolkit implementing the Secure
(SSL v2/v3) and Transport Layer Security (TLS v1) network
related cryptography standards required by them.
The openssl program is a command line tool for using the
functions of OpenSSL's crypto library from the shell.
It can be
+o Creation of RSA, DH and DSA key parameters
+o Creation of X.509 certificates, CSRs and CRLs
+o Calculation of Message Digests
+o Encryption and Decryption with Ciphers
+o SSL/TLS Client and Server Tests
+o Handling of S/MIME signed or encrypted mail
The openssl program provides a rich variety of commands
(command in the
SYNOPSIS above), each of which often has a wealth of options
(command_opts and command_args in the SYNOPSIS).
The pseudo-commands list-standard-commands,
and list-cipher-commands output a list (one entry per line)
of the names
of all standard commands, message digest commands, or cipher
respectively, that are available in the present openssl
The pseudo-command no-XXX tests whether a command of the
is available. If no command named XXX exists, it returns 0
prints no-XXX; otherwise it returns 1 and prints XXX. In
both cases, the
output goes to stdout and nothing is printed to stderr. Additional command
line arguments are always ignored. Since for each cipher there is a
command of the same name, this provides an easy way for
shell scripts to
test for the availability of ciphers in the openssl program.
Note: no-XXX is not able to detect pseudo-commands such as
list-...-commands, or no-XXX itself.
asn1parse Parse an ASN.1 sequence.
ca Certificate Authority (CA) Management.
ciphers Cipher Suite Description Determination.
crl Certificate Revocation List (CRL) Management.
crl2pkcs7 CRL to PKCS#7 Conversion.
dgst Message Digest Calculation.
dh Diffie-Hellman Parameter Management. Obsoleted
dhparam Generation and Management of Diffie-Hellman Parameters.
dsa DSA Data Management.
dsaparam DSA Parameter Generation.
enc Encoding with Ciphers.
errstr Error Number to Error String Conversion.
gendh Generation of Diffie-Hellman Parameters. Obsoleted by
gendsa Generation of DSA Parameters.
genrsa Generation of RSA Parameters.
nseq Create or examine a Netscape certificate sequence.
ocsp Online Certificate Status Protocol utility.
passwd Generation of hashed passwords.
pkcs7 PKCS#7 Data Management.
pkcs8 PKCS#8 Data Management.
pkcs12 PKCS#12 Data Management.
rand Generate pseudo-random bytes.
req X.509 Certificate Signing Request (CSR) Management.
rsa RSA Data Management.
rsautl RSA utility for signing, verification, encryption, and decryption.
s_client This implements a generic SSL/TLS client which
can establish a
transparent connection to a remote server speaking SSL/TLS.
It's intended for testing purposes only and provides only
rudimentary interface functionality but internally uses mostly
all functionality of the OpenSSL ssl library.
s_server This implements a generic SSL/TLS server which
from remote clients speaking SSL/TLS. It's
testing purposes only and provides only rudimentary interface
functionality but internally uses mostly all
the OpenSSL ssl library. It provides both an own
oriented protocol for testing SSL functions and a
response facility to emulate an SSL/TLS-aware
s_time SSL Connection Timer.
sess_id SSL Session Data Management.
smime S/MIME mail processing.
speed Algorithm Speed Measurement.
spkac SPKAC printing and generating utility.
verify X.509 Certificate Verification.
version OpenSSL Version Information.
x509 X.509 Certificate Data Management.
MESSAGE DIGEST COMMANDS [Toc] [Back]
md2 MD2 Digest.
md4 MD4 Digest.
md5 MD5 Digest.
ripemd160 RIPEMD-160 Digest.
sha SHA Digest.
sha1 SHA-1 Digest.
ENCODING AND CIPHER COMMANDS [Toc] [Back]
aes-128-cbc | aes-128-ecb | aes-192-cbc | aes-192-ecb |
aes-256-cbc | aes-256-ecb
base64 Base64 Encoding.
bf | bf-cbc | bf-cfb | bf-ecb | bf-ofb
cast | cast-cbc
cast5-cbc | cast5-cfb | cast5-ecb | cast5-ofb
des | des-cbc | des-cfb | des-ecb | des-ede | des-ede-cbc
des-ede-cfb | des-ede-ofb | des-ofb
des3 | desx | des-ede3 | des-ede3-cbc | des-ede3-cfb |
Triple DES Cipher.
rc2 | rc2-40-cbc | rc2-64-cbc | rc2-cbc | rc2-cfb | rc2-ecb
rc4 | rc4-40
PASS PHRASE ARGUMENTS [Toc] [Back]
Several commands accept password arguments, typically using
-passout for input and output passwords, respectively.
These allow the
password to be obtained from a variety of sources. Both of
take a single argument whose format is described below. If
argument is given and a password is required, then the user
to enter one: this will typically be read from the current
echoing turned off.
The actual password is password. Since the password is visible
to utilities (like ps(1) under UNIX) this
form should only
be used where security is not important.
env:var Obtain the password from the environment variable
the environment of other processes is visible on
(e.g. ps(1) under certain UNIX OSes) this
be used with caution.
file:path The first line of path is the password. If the
same path argument
is supplied to -passin and -passout, then
line will be used for the input password and the
next line for
the output password. path need not refer to a
it could, for example, refer to a device or named
fd:number Read the password from the file descriptor
number. This can
be used to send the data via a pipe for example.
stdin Read the password from standard input.
openssl asn1parse [-dump] [-i] [-noout] [-dlimit number]
[-inform DER | PEM | TXT] [-length number] [-offset number]
[-out file] [-strparse offset]
The asn1parse command is a diagnostic utility that can parse
It can also be used to extract data from ASN.1 formatted data.
The options are as follows:
Dump the first number bytes of unknown data in hex
-dump Dump unknown data in hex form.
-i Indents the output according to the "depth" of the
The input file; default is standard input.
-inform DER | PEM | TXT
The input format. DER (Distinguished Encoding
Rules) is binary
format and PEM (Privacy Enhanced Mail), the default,
base64-encoded. TXT is plain text.
Number of bytes to parse; default is until end of
-noout Don't output the parsed version of the input file.
Starting offset to begin parsing; default is start
A file containing additional object identifiers
(OIDs). The format
of this file is described in the ASN1PARSE NOTES
Output file to place the DER-encoded data into. If
is not present, no encoded data will be output.
This is most
useful when combined with the -strparse option.
Parse the content octets of the ASN.1 object starting at offset.
This option can be used multiple times to "drill
down" into a
The output will typically contain lines like this:
0:d=0 hl=4 l= 681 cons: SEQUENCE
229:d=3 hl=3 l= 141 prim: BIT STRING
373:d=2 hl=3 l= 162 cons: cont [ 3 ]
376:d=3 hl=3 l= 159 cons: SEQUENCE
379:d=4 hl=2 l= 29 cons: SEQUENCE
381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject
386:d=5 hl=2 l= 22 prim: OCTET STRING
410:d=4 hl=2 l= 112 cons: SEQUENCE
412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority
417:d=5 hl=2 l= 105 prim: OCTET STRING
524:d=4 hl=2 l= 12 cons: SEQUENCE
This example is part of a self-signed certificate. Each
line starts with
the offset in decimal. d=XX specifies the current depth.
The depth is
increased within the scope of any SET or SEQUENCE. hl=XX
gives the header
length (tag and length octets) of the current type. l=XX
length of the content octets.
The -i option can be used to make the output more readable.
Some knowledge of the ASN.1 structure is needed to interpret
In this example, the BIT STRING at offset 229 is the certificate public
key. The content octets of this will contain the public key
This can be examined using the option -strparse 229 to
0:d=0 hl=3 l= 137 cons: SEQUENCE
3:d=1 hl=3 l= 129 prim: INTEGER
135:d=1 hl=2 l= 3 prim: INTEGER :010001
If an OID (object identifier) is not part of OpenSSL's internal table it
will be represented in numerical form (for example 188.8.131.52).
passed to the -oid option allows additional OIDs to be included. Each
line consists of three columns: the first column is the OID
format and should be followed by whitespace. The second
column is the
"short name" which is a single word followed by whitespace.
column is the rest of the line and is the "long name".
the long name. Example:
"184.108.40.206 shortname A long name"
There should be options to change the format of input lines.
of some ASN.1 types is not well handled (if at all).
openssl ca [-batch] [-gencrl] [-infiles] [-msie_hack]
[-notext] [-preserveDN] [-updatedb] [-verbose] [-cert file]
[-config file] [-crl_CA_compromise time] [-crl_compromise
[-crl_hold instruction] [-crl_reason reason] [-crldays days]
[-crlexts section] [-crlhours hours] [-days arg] [-enddate
[-engine id] [-extensions section] [-extfile section] [-in
[-key keyfile] [-keyfile arg] [-keyform ENGINE | PEM] [-md
[-name section] [-out file] [-outdir dir] [-passin arg]
[-revoke file] [-spkac file] [-ss_cert file] [-startdate
[-status serial] [-subj arg]
The ca command is a minimal CA application. It can be used
to sign certificate
requests in a variety of forms and generate CRLs.
It also maintains
a text database of issued certificates and their status.
The options descriptions will be divided into each purpose.
This sets the batch mode. In this mode no questions
will be asked
and all certificates will be certified automatically.
The CA certificate file.
Specifies the configuration file to use.
The number of days to certify the certificate for.
This allows the expiry date to be explicitly set. The
the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime
Specifying an engine (by it's unique id string) will
cause ca to
attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then
be set as the
default for all available algorithms.
The section of the configuration file containing certificate extensions
to be added when a certificate is issued (defaults to
X509_extensions unless the -extfile option is used).
If no extension
section is present, a V1 certificate is created.
If the extension
section is present (even if it is empty), then
a V3 certificate
An additional configuration file to read certificate
from (using the default section unless the -extensions
An input file containing a single certificate request
to be signed
by the CA.
If present, this should be the last option; all subsequent arguments
are assumed to be the names of files containing
The password used to encrypt the private key. Since
on some systems
the command line arguments are visible (e.g. UNIX
ps(1) utility) this option should be used with caution.
The private key to sign requests with.
-keyform ENGINE | PEM
Private key file format.
The message digest to use. Possible values include
md5 and sha1.
This option also applies to CRLs.
This is a legacy option to make ca work with very old
the IE certificate enrollment control "certenr3". It
for almost everything. Since the old control has various
security bugs, its use is strongly discouraged.
The newer control
"Xenroll" does not need this option.
Specifies the configuration file section to use (overrides
default_ca in the ca section).
The DN of a certificate can contain the EMAIL field if
the request DN, however it is good policy just having
set into the altName extension of the certificate.
When this option
is set, the EMAIL field is removed from the certificate's subject
and set only in the, eventually present, extensions. The
email_in_dn keyword can be used in the configuration
file to enable
Don't output the text form of a certificate to the
The output file to output certificates to. The default is standard
output. The certificate details will also be printed
out to this
The directory to output certificates to. The certificate will be
written to a file consisting of the serial number in
The key password source. For more information about
the format of
arg, see the PASS PHRASE ARGUMENTS section above.
This option defines the CA "policy" to use. This is a
the configuration file which decides which fields
should be mandatory
or match the CA certificate. Check out the CA
section for more information.
Normally, the DN order of a certificate is the same as
the order of
the fields in the relevant policy section. When this
set, the order is the same as the request. This is
compatibility with the older IE enrollment control
which would only
accept certificates if their DNs matched the order of
This is not needed for Xenroll.
A file containing a single Netscape signed public key
and additional field values to be signed by the
CA. See the
SPKAC FORMAT section for information on the required
A single self-signed certificate to be signed by the
This allows the start date to be explicitly set. The
format of the
date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime
Show status of certificate with serial number serial.
Update database for expired certificates.
This prints extra details about the operations being
This is the same as -crl_compromise, except the revocation reason
is set to CACompromise.
This sets the revocation reason to keyCompromise and
time to time. time should be in GeneralizedTime format, i.e.
This sets the CRL revocation reason code to certificateHold and the
hold instruction to instruction which must be an OID.
OID can be used, only holdInstructionNone (the use of
which is discouraged
by RFC 2459), holdInstructionCallIssuer or
will normally be used.
Revocation reason, where reason is one of: unspecified, keyCompromise,
CACompromise, affiliationChanged, superseded,
certificateHold or removeFromCRL. The matching of reason
is case insensitive. Setting any revocation reason
will make the
CRL v2. In practice, removeFromCRL is not particularly useful because
it is only used in delta CRLs which are not currently implemented.
The number of days before the next CRL is due. This
is the days
from now to place in the CRL nextUpdate field.
The section of the configuration file containing CRL
include. If no CRL extension section is present then
a V1 CRL is
created; if the CRL extension section is present (even
if it is
empty) then a V2 CRL is created. The CRL extensions
CRL extensions and not CRL entry extensions. It
should be noted
that some software (for example Netscape) can't handle
The number of hours before the next CRL is due.
This option generates a CRL based on information in
the index file.
A file containing a certificate to revoke.
Supersedes the subject name given in the request. The
arg must be
formatted as /type0=value0/type1=value1/type2=...;
be escaped by `' (backslash), no spaces are skipped.
CA CONFIGURATION FILE OPTIONS [Toc] [Back]
The section of the configuration file containing options for
ca is found
as follows: If the -name command line option is used, then
it names the
section to be used. Otherwise the section to be used must
be named in
the default_CA option of the CA section of the configuration
file (or in
the default section of the configuration file). Besides
following options are read directly from the CA section:
With the exception of RANDFILE, this is probably a bug and
may change in
Many of the configuration file options are identical to command line options.
Where the option is present in the configuration
file and the
command line, the command line value is used. Where an option is described
as mandatory, then it must be present in the configuration file
or the command line equivalent (if any) used.
The same as -cert. It gives the file containing the
Determines how extensions in certificate requests
should be handled.
If set to none or this option is not present,
are ignored and not copied to the certificate.
If set to
copy, then any extensions present in the request that
are not already
present are copied to the certificate. If set
then all extensions in the request are copied to the
if the extension is already present in the certificate
it is deleted
first. See the CA WARNINGS section before using
The main use of this option is to allow a certificate
supply values for certain extensions such as
The same as -crlexts.
The text database file to use. Mandatory. This file
must be present,
though initially it will be empty.
The same as the -crlhours and -crldays options. These
will only be
used if neither command line option is present. At
least one of
these must be present to generate a CRL.
The same as the -days option. The number of days to
certify a certificate
The same as the -enddate option. Either this option
default_days (or the command line equivalents) must be
The same as the -md option. The message digest to
The same as the -startdate option. The start date to
certificate for. If not set, the current time is
The same as -noemailDN. If the EMAIL field is to be
the DN of the certificate, simply set this to "no".
If not present,
the default is to allow for the EMAIL field in
The same as -msie_hack.
These options allow the format used to display the
when asking the user to confirm signing. All
supported by the x509 utilities' -nameopt and -certopt
be used here, except that no_signame and no_sigdump
set and cannot be disabled (this is because the certificate signature
cannot be displayed because the certificate has
signed at this point).
For convenience, the value CA_default is accepted by
both to produce
a reasonable output.
If neither option is present, the format used in earlier versions
of OpenSSL is used. Use of the old format is strongly
because it only displays fields mentioned in the
mishandles multicharacter string types and does not
The same as the -outdir command line option. It specifies the directory
where new certificates will be placed. Mandatory.
This specifies a file containing additional object
Each line of the file should consist of the numerical
form of the
object identifier followed by whitespace, then the
short name followed
by whitespace and finally the long name.
This specifies a section in the configuration file
object identifiers. Each line should consist of the
short name of
the object identifier followed by `=' and the numerical form. The
short and long names are the same when this option is
The same as -policy. Mandatory. See the CA POLICY
for more information.
The same as -preserveDN.
Same as the -keyfile option. The file containing the
A file used to read and write random number seed information, or an
EGD socket (see RAND_egd(3)).
A text file containing the next serial number to use
Mandatory. This file must be present and contain a
The same as -extensions.
The policy section consists of a set of variables corresponding to certificate
DN fields. If the value is "match", then the field
match the same field in the CA certificate. If the value is
then it must be present. If the value is "optional", then
it may be present.
Any fields not mentioned in the policy section are
unless the -preserveDN option is set, but this can be
of a quirk than intended behaviour.
The input to the -spkac command line option is a Netscape
key and challenge. This will usually come from the KEYGEN
tag in an HTML
form to create a new private key. It is, however, possible
to create SPKACs
using the spkac utility.
The file should contain the variable SPKAC set to the value
of the SPKAC
and also the required DN components as name value pairs. If
to include the same component twice, then it can be
preceded by a
number and a `.'.
Note: these examples assume that the ca directory structure
set up and the relevant files already exist. This usually
a CA certificate and private key with req, a serial
number file and
an empty index file and placing them in the relevant directories.
To use the sample configuration file below, the directories
demoCA/private and demoCA/newcerts would be created. The CA
would be copied to demoCA/cacert.pem and its private key to
demoCA/private/cakey.pem. A file demoCA/serial would be
for example, "01" and the empty index file
Sign a certificate request:
$ openssl ca -in req.pem -out newcert.pem
Sign a certificate request, using CA extensions:
$ openssl ca -in req.pem -extensions v3_ca -out
Generate a CRL:
$ openssl ca -gencrl -out crl.pem
Sign several requests:
$ openssl ca -infiles req1.pem req2.pem req3.pem
Certify a Netscape SPKAC:
$ openssl ca -spkac spkac.txt
A sample SPKAC file (the SPKAC line has been truncated for
A sample configuration file with the relevant sections for
[ ca ]
default_ca = CA_default # The default ca
[ CA_default ]
dir = ./demoCA # top dir
database = $dir/index.txt # index file
new_certs_dir = $dir/newcerts # new certs dir
certificate = $dir/cacert.pem # The CA cert
serial = $dir/serial # serial no file
private_key = $dir/private/cakey.pem# CA private key
RANDFILE = $dir/private/.rand # random number file
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before
default_md = md5 # md to use
policy = policy_any # default policy
email_in_dn = no # Don't add the
email into cert DN
nameopt = ca_default # Subject name display option
certopt = ca_default # Certificate display option
copy_extensions = none #Don't copy extensions from request
[ policy_any ]
countryName = supplied
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
Note: the location of all files can change either by compile
configuration file entries, environment variables, or
options. The values below reflect the default values.
/etc/ssl/openssl.cnf - master configuration
./demoCA - main CA directory
./demoCA/cacert.pem - CA certificate
./demoCA/private/cakey.pem - CA private key
./demoCA/serial - CA serial number file
./demoCA/serial.old - CA serial number
./demoCA/index.txt - CA text database file
./demoCA/index.txt.old - CA text database
./demoCA/certs - certificate output
./demoCA/.rnd - CA random seed information
CA ENVIRONMENT VARIABLES [Toc] [Back]
OPENSSL_CONF reflects the location of the master configuration file; it
can be overridden by the -config command line option.
The text database index file is a critical part of the process, and if
corrupted it can be difficult to fix. It is theoretically
rebuild the index file from all the issued certificates and
CRL; however there is no option to do this.
V2 CRL features like delta CRL support and CRL numbers are
Although several requests can be input and handled at once,
it is only
possible to include one SPKAC or self-signed certificate.
The use of an in-memory text database can cause problems
when large numbers
of certificates are present because, as the name implies, the
database has to be kept in memory.
It is not possible to certify two certificates with the same
DN; this is
a side effect of how the text database is indexed and it
cannot easily be
fixed without introducing other problems. Some S/MIME
clients can use
two certificates with the same DN for separate signing and
The ca command really needs rewriting or the required functionality exposed
at either a command or interface level so a more
(perl script or GUI) can handle things properly. The
scripts CA.sh and
CA.pl help a little but not very much.
Any fields in a request that are not present in a policy are
deleted. This does not happen if the -preserveDN option is
used. To enforce
the absence of the EMAIL field within the DN, as suggested by RFCs,
regardless of the contents of the request's subject the
can be used. The behaviour should be more friendly and configurable.
Cancelling some commands by refusing to certify a certificate can create
an empty file.
The ca command is quirky and at times downright unfriendly.
The ca utility was originally meant as an example of how to
do things in
a CA. It was not supposed to be used as a full blown CA itself: nevertheless
some people are using it for this purpose.
The ca command is effectively a single user command: no
locking is done
on the various files, and attempts to run more than one ca
command on the
same database can have unpredictable results.
The copy_extensions option should be used with caution. If
care is not
taken, it can be a security risk. For example, if a certificate request
contains a basicConstraints extension with CA:TRUE and the
copy_extensions value is set to copyall and the user does
not spot this
when the certificate is displayed, then this will hand the
valid CA certificate.
This situation can be avoided by setting copy_extensions to
copy and including
basicConstraints with CA:FALSE in the configuration
if the request contains a basicConstraints extension, it
will be ignored.
It is advisable to also include values for other extensions
keyUsage to prevent a request supplying its own values.
Additional restrictions can be placed on the CA certificate
example if the CA certificate has:
basicConstraints = CA:TRUE, pathlen:0
then even if a certificate is issued with CA:TRUE it will
not be valid.
openssl ciphers [-h] [-ssl2 | -ssl3 | -tls1] [-v]
The ciphers command converts OpenSSL cipher lists into ordered SSL cipher
preference lists. It can be used as a test tool to determine the appropriate
The options are as follows:
-h, -? Print a brief usage message.
-ssl2 Only include SSL v2 ciphers.
-ssl3 Only include SSL v3 ciphers.
-tls1 Only include TLS v1 ciphers.
-v Verbose option. List ciphers with a complete description of protocol
version (SSLv2 or SSLv3; the latter includes
TLS), key exchange,
authentication, encryption and mac algorithms used along
with any key size restrictions and whether the algorithm is
classed as an export cipher. Note that without the
ciphers may seem to appear twice in a cipher list;
this is when
similar ciphers are available for SSL v2 and for SSL
A cipher list to convert to a cipher preference
list. If it is
not included, the default cipher list will be used.
is described below.
The cipher list consists of one or more cipher strings separated by
colons. Commas or spaces are also acceptable separators,
but colons are
The actual cipher string can take several different forms:
It can consist of a single cipher suite such as RC4-SHA.
It can represent a list of cipher suites containing a certain algorithm,
or cipher suites of a certain type. For example SHA1 represents all cipher
suites using the digest algorithm SHA1, and SSLv3 represents all SSL
Lists of cipher suites can be combined in a single cipher
the `+' character. This is used as a logical and operation.
SHA1+DES represents all cipher suites containing the
SHA1 and the
Each cipher string can be optionally preceded by the characters `!', `-',
If `!' is used, then the ciphers are permanently deleted
from the list.
The ciphers deleted can never reappear in the list even if
they are explicitly
If `-' is used, then the ciphers are deleted from the list,
but some or
all of the ciphers can be added again by later options.
If `+' is used, then the ciphers are moved to the end of the
option doesn't add any new ciphers, it just moves matching
If none of these characters is present, the string is just
a list of ciphers to be appended to the current preference
list. If the
list includes any ciphers already present, they will be ignored; that is,
they will not be moved to the end of the list.
Additionally, the cipher string @STRENGTH can be used at any
sort the current cipher list in order of encryption algorithm key length.
The following is a list of all permitted cipher strings and
The default cipher list. This is determined at compile time and is
normally ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH. This must
be the first
cipher string specified.
The ciphers included in ALL, but not enabled by default. Currently
this is ADH. Note that this rule does not cover
eNULL, which is
not included by ALL (use COMPLEMENTOFALL if necessary).
ALL All cipher suites except the eNULL ciphers which must
The cipher suites not enabled by ALL, currently being
HIGH "High" encryption cipher suites. This currently means
key lengths larger than 128 bits.
"Medium" encryption cipher suites, currently those using 128-bit
LOW "Low" encryption cipher suites, currently those using
64- or 56-bit
encryption algorithms, but excluding export cipher
Export encryption algorithms. Including 40- and
40-bit export encryption algorithms.
56-bit export encryption algorithms.
The "NULL" ciphers; that is, those offering no encryption. Because
these offer no encryption at all and are a security
risk, they are
disabled unless explicitly included.
The cipher suites offering no authentication. This is
the anonymous DH algorithms. These cipher suites are
a "man in the middle" attack, so their use is normally
Cipher suites using RSA key exchange.
kEDH Cipher suites using ephemeral DH key agreement.
Cipher suites using DH key agreement and DH certificates signed by
CAs with RSA and DSS keys respectively. Not implemented.
aRSA Cipher suites using RSA authentication, i.e. the certificates carry
Cipher suites using DSS authentication, i.e. the certificates carry
aDH Cipher suites effectively using DH authentication,
i.e. the certificates
carry DH keys. Not implemented.
kFZA, aFZA, eFZA, FZA
Cipher suites using FORTEZZA key exchange, authentication, encryption
or all FORTEZZA algorithms. Not implemented.
TLSv1, SSLv3, SSLv2
TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites, respectively.
DH Cipher suites using DH, including anonymous DH.
ADH Anonymous DH cipher suites.
AES Cipher suites using AES.
3DES Cipher suites using triple DES.
DES Cipher suites using DES (not triple DES).
RC4 Cipher suites using RC4.
RC2 Cipher suites using RC2.
MD5 Cipher suites using MD5.
Cipher suites using SHA1.
The following lists give the SSL or TLS cipher suites names
from the relevant
specification and their OpenSSL equivalents. It
should be noted
that several cipher suite names do not include the authentication used,
e.g. DES-CBC3-SHA. In these cases, RSA authentication is
SSL v3.0 cipher suites [Toc] [Back]
SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
TLS v1.0 cipher suites [Toc] [Back]
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
AES ciphersuites from RFC 3268, extending TLS v1.0
Additional Export 1024 and other cipher suites [Toc] [Back]
Note: These ciphers can also be used in SSL v3.
SSL v2.0 cipher suites [Toc] [Back]
The non-ephemeral DH modes are currently unimplemented in
there is no support for DH certificates.
Some compiled versions of OpenSSL may not include all the
here because some ciphers were excluded at compile time.
Verbose listing of all OpenSSL ciphers including NULL ciphers:
$ openssl c