On Mon, Mar 26, 2012, KUTILEK Martin wrote:

> Hi,
> 
> I am doing some testing with openssl 1.0.1 and I am trying to find the
> proper syntax to display only TLSv1.1+ ciphers.
> 
> When I look in ./ssl/ssl.h, I see
> #define SSL_TXT_TLSV1_2         "TLSv1.2"
> but whatever I try, I always get:
> Error in cipher list
> error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid
> command:ssl_ciph.c:1164:
> 
> -bash-3.2$ ./openssl version
> OpenSSL 1.0.1 14 Mar 2012
> 
> -bash-3.2$ ./openssl ciphers -v 'TLSv1.2'
> Error in cipher list
> 3086808716:error:140E6118:SSL
> routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1164:
> 
> -bash-3.2$ ./openssl ciphers -v "TLSv1.2"
> Error in cipher list
> 3086939788:error:140E6118:SSL
> routines:SSL_CIPHER_PROCESS_RULESTR:invalid command:ssl_ciph.c:1164:
> 
> -bash-3.2$ ./openssl ciphers -v -TLS1.2
> Error in cipher list
> 3086755468:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
> match:ssl_lib.c:1312:
> 
> -bash-3.2$ ./openssl ciphers -v -tls1.2
> Error in cipher list
> 3086632588:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
> match:ssl_lib.c:1312:
> 
> -bash-3.2$ ./openssl ciphers -v -tls1_2
> Error in cipher list
> 3086866060:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
> match:ssl_lib.c:1312:
> 
> Any help would be really appreciated.
> 

Currently there isn't an option to do that. What do you mean by
"only TLSv1.1+ ciphers"? There are no ciphersuites that can only be used with
TLS v1.1 (i.e. exist in TLS v1.1 but not TLS 1.0 or earlier) and currently
only the AES GCM ciphersuites are the ones exclusive to TLS v1.2.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
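Since the cipher-string syntax has no protocol keyword here, one workaround is to filter the verbose listing on its protocol column. The sketch below is an added example, not code from either poster or from the OpenSSL project. It assumes the `openssl ciphers -v` layout in which the second whitespace-separated field is the protocol label. The sample lines are constructed in that layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: select suites from `openssl ciphers -v` output by the
# protocol label in column 2. Function names are hypothetical helpers.

# Constructed sample input in the `openssl ciphers -v` layout:
#   <suite name> <protocol> Kx=... Au=... Enc=... Mac=...
sample_ciphers_v() {
cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
EOF
}

# Read verbose cipher lines on stdin; print the suite name of every line
# whose protocol column equals $1. Lines with fewer than two fields
# (blank lines, error text) are skipped.
filter_by_protocol() {
    awk -v want="$1" 'NF >= 2 && $2 == want { print $1 }'
}

# Same selection, joined with ':' so the result can be passed back as a
# cipher string (for example to `openssl ciphers -v "<result>"`).
cipher_string() {
    filter_by_protocol "$1" | paste -sd: -
}

# Demo on the constructed sample. Against a real build, replace the
# left-hand side with:  openssl ciphers -v 'ALL'
sample_ciphers_v | cipher_string TLSv1.2
```

An empty result means no suite in the input carries that label, which is what a `TLSv1.1` query returns on the sample above.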