On 04/11/15 23:53, Steve Topletz wrote: > I find that I'm missing many ciphers when I interrogate my openssl service. > > Running v1.0.2d 'openssl s_server -cert my.cer -key my.key -accept 443 > -cipher TLSv1.2' offers only about 1/3 of the ciphers listed in 'openssl > ciphers -V TLSv1.2'. > > How do I get the rest of these ciphers enabled?
The ciphers available are a combination of your cipher string (in this case "TLSv1.2") and the rest of your configuration. If you only supply an RSA cert then you won't get any ciphersuites that require DSS, ECDSA, DH or ECDH certificates. You can supply more than one certificate type if you wish (see -dcert and -dkey). Also if you don't set a pre shared key (-psk option) then you won't get any PSK ciphersuites. Matt _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
