]>
Commit | Line | Data |
---|---|---|
64287002 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | ciphers - SSL cipher display and cipher list tool. | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<ciphers> | |
10 | [B<-v>] | |
11 | [B<-ssl2>] | |
12 | [B<-ssl3>] | |
13 | [B<-tls1>] | |
14 | [B<cipherlist>] | |
15 | ||
16 | =head1 DESCRIPTION | |
17 | ||
18 | The B<cipherlist> command converts OpenSSL cipher lists into ordered | |
19 | SSL cipher preference lists. It can be used as a test tool to determine | |
20 | the appropriate cipherlist. | |
21 | ||
22 | =head1 COMMAND OPTIONS | |
23 | ||
24 | =over 4 | |
25 | ||
26 | =item B<-v> | |
27 | ||
8acdd759 BM |
28 | verbose option. List ciphers with a complete description of |
29 | protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, | |
30 | authentication, encryption and mac algorithms used along with any key size | |
64287002 | 31 | restrictions and whether the algorithm is classed as an "export" cipher. |
8acdd759 BM |
32 | Note that without the B<-v> option, ciphers may seem to appear twice |
33 | in a cipher list; this is when similar ciphers are available for | |
34 | SSL v2 and for SSL v3/TLS v1. | |
64287002 DSH |
35 | |
36 | =item B<-ssl3> | |
37 | ||
38 | only include SSL v3 ciphers. | |
39 | ||
40 | =item B<-ssl2> | |
41 | ||
42 | only include SSL v2 ciphers. | |
43 | ||
44 | =item B<-tls1> | |
45 | ||
46 | only include TLS v1 ciphers. | |
47 | ||
48 | =item B<-h>, B<-?> | |
49 | ||
50 | print a brief usage message. | |
51 | ||
52 | =item B<cipherlist> | |
53 | ||
54 | a cipher list to convert to a cipher preference list. If it is not included | |
55 | then the default cipher list will be used. The format is described below. | |
56 | ||
8548d442 RL |
57 | =back |
58 | ||
64287002 DSH |
59 | =head1 CIPHER LIST FORMAT |
60 | ||
61 | The cipher list consists of one or more I<cipher strings> separated by colons. | |
62 | Commas or spaces are also acceptable separators but colons are normally used. | |
63 | ||
64 | The actual cipher string can take several different forms. | |
65 | ||
66 | It can consist of a single cipher suite such as B<RC4-SHA>. | |
67 | ||
68 | It can represent a list of cipher suites containing a certain algorithm, or | |
69 | cipher suites of a certain type. For example B<SHA1> represents all ciphers | |
70 | suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3 | |
71 | algorithms. | |
72 | ||
73 | Lists of cipher suites can be combined in a single cipher string using the | |
74 | B<+> character. This is used as a logical B<and> operation. For example | |
75 | B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES | |
76 | algorithms. | |
77 | ||
78 | Each cipher string can be optionally preceded by the characters B<!>, | |
79 | B<-> or B<+>. | |
80 | ||
81 | If B<!> is used then the ciphers are permanently deleted from the list. | |
82 | The ciphers deleted can never reappear in the list even if they are | |
83 | explicitly stated. | |
84 | ||
85 | If B<-> is used then the ciphers are deleted from the list, but some or | |
86 | all of the ciphers can be added again by later options. | |
87 | ||
88 | If B<+> is used then the ciphers are moved to the end of the list. This | |
89 | option doesn't add any new ciphers it just moves matching existing ones. | |
90 | ||
91 | If none of these characters is present then the string is just interpreted | |
92 | as a list of ciphers to be appended to the current preference list. If the | |
93 | list includes any ciphers already present they will be ignored: that is they | |
94 | will not moved to the end of the list. | |
95 | ||
96 | Additionally the cipher string B<@STRENGTH> can be used at any point to sort | |
97 | the current cipher list in order of encryption algorithm key length. | |
98 | ||
99 | =head1 CIPHER STRINGS | |
100 | ||
101 | The following is a list of all permitted cipher strings and their meanings. | |
102 | ||
103 | =over 4 | |
104 | ||
105 | =item B<DEFAULT> | |
106 | ||
107 | the default cipher list. This is determined at compile time and is normally | |
3142c86d DSH |
108 | B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string |
109 | specified. | |
64287002 DSH |
110 | |
111 | =item B<ALL> | |
112 | ||
113 | all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled. | |
114 | ||
115 | =item B<HIGH> | |
116 | ||
117 | "high" encryption cipher suites. This currently means those with key lengths larger | |
118 | than 128 bits. | |
119 | ||
120 | =item B<MEDIUM> | |
121 | ||
122 | "medium" encryption cipher suites, currently those using 128 bit encryption. | |
123 | ||
124 | =item B<LOW> | |
125 | ||
126 | "low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms | |
127 | but excluding export cipher suites. | |
128 | ||
129 | =item B<EXP>, B<EXPORT> | |
130 | ||
131 | export encryption algorithms. Including 40 and 56 bits algorithms. | |
132 | ||
133 | =item B<EXPORT40> | |
134 | ||
135 | 40 bit export encryption algorithms | |
136 | ||
137 | =item B<EXPORT56> | |
138 | ||
139 | 56 bit export encryption algorithms. | |
140 | ||
141 | =item B<eNULL>, B<NULL> | |
142 | ||
143 | the "NULL" ciphers that is those offering no encryption. Because these offer no | |
144 | encryption at all and are a security risk they are disabled unless explicitly | |
145 | included. | |
146 | ||
147 | =item B<aNULL> | |
148 | ||
149 | the cipher suites offering no authentication. This is currently the anonymous | |
150 | DH algorithms. These cipher suites are vulnerable to a "man in the middle" | |
3142c86d | 151 | attack and so their use is normally discouraged. |
64287002 DSH |
152 | |
153 | =item B<kRSA>, B<RSA> | |
154 | ||
155 | cipher suites using RSA key exchange. | |
156 | ||
157 | =item B<kEDH> | |
158 | ||
159 | cipher suites using ephemeral DH key agreement. | |
160 | ||
161 | =item B<kDHr>, B<kDHd> | |
162 | ||
163 | cipher suites using DH key agreement and DH certificates signed by CAs with RSA | |
164 | and DSS keys respectively. Not implemented. | |
165 | ||
166 | =item B<aRSA> | |
167 | ||
168 | cipher suites using RSA authentication, i.e. the certificates carry RSA keys. | |
169 | ||
170 | =item B<aDSS>, B<DSS> | |
171 | ||
172 | cipher suites using DSS authentication, i.e. the certificates carry DSS keys. | |
173 | ||
174 | =item B<aDH> | |
175 | ||
176 | cipher suites effectively using DH authentication, i.e. the certificates carry | |
177 | DH keys. Not implemented. | |
178 | ||
179 | =item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA> | |
180 | ||
181 | ciphers suites using FORTEZZA key exchange, authentication, encryption or all | |
182 | FORTEZZA algorithms. Not implemented. | |
183 | ||
184 | =item B<TLSv1>, B<SSLv3>, B<SSLv2> | |
185 | ||
186 | TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. | |
187 | ||
188 | =item B<DH> | |
189 | ||
190 | cipher suites using DH, including anonymous DH. | |
191 | ||
192 | =item B<ADH> | |
193 | ||
657e60fa | 194 | anonymous DH cipher suites. |
64287002 DSH |
195 | |
196 | =item B<3DES> | |
197 | ||
198 | cipher suites using triple DES. | |
199 | ||
200 | =item B<DES> | |
201 | ||
202 | cipher suites using DES (not triple DES). | |
203 | ||
204 | =item B<RC4> | |
205 | ||
206 | cipher suites using RC4. | |
207 | ||
208 | =item B<RC2> | |
209 | ||
210 | cipher suites using RC2. | |
211 | ||
212 | =item B<IDEA> | |
213 | ||
214 | cipher suites using IDEA. | |
215 | ||
216 | =item B<MD5> | |
217 | ||
218 | cipher suites using MD5. | |
219 | ||
220 | =item B<SHA1>, B<SHA> | |
221 | ||
222 | cipher suites using SHA1. | |
223 | ||
224 | =back | |
225 | ||
226 | =head1 CIPHER SUITE NAMES | |
227 | ||
228 | The following lists give the SSL or TLS cipher suites names from the | |
229 | relevant specification and their OpenSSL equivalents. | |
230 | ||
231 | =head2 SSL v3.0 cipher suites. | |
232 | ||
233 | SSL_RSA_WITH_NULL_MD5 NULL-MD5 | |
234 | SSL_RSA_WITH_NULL_SHA NULL-SHA | |
235 | SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 | |
236 | SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 | |
237 | SSL_RSA_WITH_RC4_128_SHA RC4-SHA | |
238 | SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 | |
239 | SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA | |
240 | SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA | |
241 | SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA | |
242 | SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA | |
243 | ||
244 | SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. | |
245 | SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. | |
246 | SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. | |
247 | SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. | |
248 | SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. | |
249 | SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. | |
250 | SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA | |
251 | SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA | |
252 | SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA | |
253 | SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA | |
254 | SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA | |
255 | SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA | |
256 | ||
257 | SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 | |
258 | SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 | |
259 | SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA | |
260 | SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA | |
261 | SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA | |
262 | ||
263 | SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. | |
264 | SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. | |
265 | SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. | |
266 | ||
267 | =head2 TLS v1.0 cipher suites. | |
268 | ||
269 | TLS_RSA_WITH_NULL_MD5 NULL-MD5 | |
270 | TLS_RSA_WITH_NULL_SHA NULL-SHA | |
271 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 | |
272 | TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 | |
273 | TLS_RSA_WITH_RC4_128_SHA RC4-SHA | |
274 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 | |
275 | TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA | |
276 | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA | |
277 | TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA | |
278 | TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA | |
279 | ||
280 | TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. | |
281 | TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. | |
282 | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. | |
283 | TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. | |
284 | TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. | |
285 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. | |
286 | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA | |
287 | TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA | |
288 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA | |
289 | TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA | |
290 | TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA | |
291 | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA | |
292 | ||
293 | TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 | |
294 | TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 | |
295 | TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA | |
296 | TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA | |
297 | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA | |
298 | ||
299 | =head2 Additional Export 1024 and other cipher suites | |
300 | ||
301 | Note: these ciphers can also be used in SSL v3. | |
302 | ||
303 | TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA | |
304 | TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA | |
305 | TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA | |
306 | TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA | |
307 | TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA | |
308 | ||
309 | =head2 SSL v2.0 cipher suites. | |
310 | ||
311 | SSL_CK_RC4_128_WITH_MD5 RC4-MD5 | |
312 | SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 | |
313 | SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 | |
314 | SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 | |
315 | SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 | |
316 | SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 | |
317 | SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 | |
318 | ||
319 | =head1 NOTES | |
320 | ||
657e60fa | 321 | The non-ephemeral DH modes are currently unimplemented in OpenSSL |
64287002 DSH |
322 | because there is no support for DH certificates. |
323 | ||
324 | Some compiled versions of OpenSSL may not include all the ciphers | |
325 | listed here because some ciphers were excluded at compile time. | |
326 | ||
327 | =head1 EXAMPLES | |
328 | ||
329 | Verbose listing of all OpenSSL ciphers including NULL ciphers: | |
330 | ||
331 | openssl ciphers -v 'ALL:eNULL' | |
332 | ||
333 | Include all ciphers except NULL and anonymous DH then sort by | |
334 | strength: | |
335 | ||
336 | openssl ciphers -v 'ALL:!ADH:@STRENGTH' | |
337 | ||
338 | Include only 3DES ciphers and then place RSA ciphers last: | |
339 | ||
340 | openssl ciphers -v '3DES:+RSA' | |
341 | ||
342 | =head1 SEE ALSO | |
343 | ||
bb075f88 | 344 | L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)> |
64287002 DSH |
345 | |
346 | =cut |