1. 암호화 개념
기본 암호화 구조와 대칭키/비대칭키 개념 과 Cipher Suite 과 이를 이용한 TLS/DTLS의 기본에 대해 알아보도록 하자
SSL/TLS의 기본자료 및 지원사항 확인
암호화를 하는 방법에서 보면 기본구조는 다음과 같이 두 개의 기본구조로 구성이 되어지는 것 같다.
- 대칭키 구조: 1개의 Key를 사용하여 Encryption/Decrytion 을 진행
- 동일한 Key를 가지고 Encryption하고 Decrytion을 진행하며, 주로 Blocker Cipher이용되어짐
- 비대칭키 구조: 2개의 Key를 사용하여 Encryption/Decrytion 을 진행
- Public Key 와 Private Key로 Encryption과 Decrytion 할때 각각 다르게 사용
1.1 대칭키의 기본개념
말그대로, 대칭으로 단일 Key 구성으로 Encode 와 Decode를 함께 진행 할 수 있는 암호화 방식이다.
조금 쉽게 생각하고자하면, 자료구조에서 배운 Hash 기반으로 암호화구성도 가능하다.
그래서 구조가 간단하고 이해하기도 쉽다.
대칭키
- Stream cipher(RC4)
- Block cipher (RC5, AES)
Block Cipher와 큰 차이점을 잘 모르겠으나, RC4는 Stream Cipher지만 RC5는 Block Cipher되는 것으로 보아
알고리즘사용이 점차 Block Cipher쪽으로 변해가는 것 같으며, 생각해보면, 사용처가 비슷하다.
현재 가장 많이 사용되는 것이 AES 으로 보이며 대칭키로 암호화 하는 방식인데, 현재 알고리즘에따라 조금씩 다르지만, 주로 128/198/256기반으로 사용되어진다.
TLS 내부에서는 주로 보내는 Message를 Encode을 하는 역할인데, 이때 Block Chain 형식처럼 순환구조로 연결하여 주로 사용하는 구조이다.
Block Cipher의 역사 및 관련내용들이 자세히 기술되어있음
DES(Data Encryption Standard)
현재 거의 사용하지 않는 것으로 보이며, 주로 AES 사용
AES(Advanced Encryption Standard)
가장 많이사용되며, 이 기반으로 파생된 ARIA 이외에도 다양하다.(ARIA는 국내용으로 사용)
현재 KCMVP는 ARIA를 적극적으로 밀고 있지만, 별로
DES 와 AES 차이
DES 와 AES의 차이를 알아두도록 하고 파생 Block Cipher들은 다양하다.
- MAC(Message Authentication Code)/Message Authentication
Message Authentication Code로 Message 인증이라고 생각하면 될 꺼같다
Key 즉 Hash 함수에 특정 Key 값를 이용하여 Message 가 맞는지 검증하는 방식이다.
Openssl에서 흔히 digest라고 하며, MD5 or SHA로 사용되어지며 Message 검증여부로 사용되어진다.
- SENDER: 보낼 Message가 존재하고, Key/Hash함수에 Key 값을 넣어 MAC을 얻는다
- RECEIVER: 받은 Message가 맞는지 검증을 위해서 MAC을 이용하여 검증한다
- Block/Stream Cipher 와 운영모드(ECB/CBC/CFB/OFB)
Block Cipher는 Data를 암호화하는 방법으로 Key 값 기반으로 암호화를 한다.
TLS에서 실제 전송할 Data를 암호화(Encrpyt) 와 복호화(Decrypt)운영하는 방식이므로 다만 운영하는 방식이 다양하다.
ECB/GCM/CBC/CFB/OFB 에 대해서는 아래링크를 보도록 하자.
Block Cipher의 운영 세부내용은 아래 참조
그림과 같이 자세히 설명이 되어있어 아래 사이트들을 반드시 참조
TLS에서 아래와 같이 사용하는 Block Cipher 와 사용하는 Bit 운영모드로 구분해서 명시한다.
- AES-128-ECB : 상위 사이트 참조 (구조가 너무 간단함)
- AES-128-GCM : 주로 이것을 권장하지만, 아직 완벽히 이해못함 (GMAC도 이해해야함)
- AES-128-CBC : 우선 기본개념을 위해 이것만 설명
AES-128-CBC 동작 예
CBC(Cipher Block Chaining)을 보면, Block Chain 기술생각이 날 것이며, 이전 IV값을 모르면 안되니, 연속적으로 Data를 암호화하여 Chaning 가능하다
- IV(initialzation Vector) : 암호화 하기전에, 넣는 Vector값으로 128bit 사용
- Plaintext: 암호화 되기 전의 TEXT 128bit 기반으로 사용
- Ciphertext: IV XOR Plain Text Data를 AES로 암호화 된 TEXT
Encryption 기본개념 순서
Encryption 순서
- IV(initialzation Vector) 와 PlainText 128 Bit 단위로 XOR연산 진행
- 상위 결과 값 기반으로 AES 암호화가 진행 (Key 값은 128bit)
- AES-128 기반으로 Cipher Text 생성
- AES-128 기반으로 new IV(initialzation Vector) 생성
Decryption 순서
- AES-128기반 Cipher Text를 받음
- Key를 이용하여 Decrpyt 진행 (Key 값은 128bit) 와 new IV(initialzation Vector) 생성
- 상위 Decrpyt 된 Text 와 IV(initialzation Vector) 128 Bit 단위로 XOR연산 진행
- Plain Text 생성
MAC이 AEAD(Authenticated Encryption with Associated Data) 일 경우
openssl ciphers -v 에서 MAC이 AEAD의 경우
상위 Block/Stream Cipher를 Data 암호화가 용도가 아닌 MAC 용도로 사용한다고 한다.
1.2 비대칭키(Public Key) 의 기본개념
비대칭암호화(asymmetric cryptography)로라고 하며, 한번에 두 개의 Key를 각각 생성하여 Encryption 과 Decryption을 별도의 Key로 사용을 한다.
양방향으로 통신을 할 경우 서로 Public Key를 교환을 한 후 상대방이 나의 Public Key로 Encoding 하면,
나의 경우
Encoding 된 Data를 Private Key로 Decode를 하면 이를 볼 수 있는 구조이다.
- 비대칭키(Asymmetric Key)의 기본구조
- Encryption 은 Public Key
- Decryption 은 Private Key
- Alice는 본인의 Public Key 와 Private Key를 생성
- Bob는 본인의 Public Key 와 Private Key를 생성
- Bob 과 Alice가 암호화 비대칭키로 통신
- Bob 은 Alice 의 Public Key로 Encrypt를 하여 보내면, Alice는 Alice의 Private Key로 이를 Decrypt하여 Decoding 진행한다.
- Alice와 Bob은 서로의 Public Key를 교환하고 각자 본인의 Private Key로 이를 Decoding 하여 통신하면 암호화되어 통신된다
관련내용출처
https://en.wikipedia.org/wiki/Public-key_cryptography- 비대칭(Public Key) 기반의 예 (키 교환방법)
Diffie–Hellman key exchange 에서도 아래와 같이 이용이 된다고 하는데, Combine Keys를 만들어 키 교환 알고리즘을 사용한다고 하는데,
이부분은 좀 더 이해가 필요할 것 같다.
- 비대칭(Public Key) 기반의 예 (인증서 Sign/Verify)
Digital Signature에서보면, Alice의 Private Key 와 Public Key를 이용하여 Sign과 Verify를 진행을 한다.
RootCA 와 Certificate 의 기본구조
이를 보통이해하기 위해서는 ITU-T 와 IETF 문서를 대충 이해할 수 있는 수준은 되어야한다.
더불어, OpenSSL을 기본적으로 어느정도 사용을 할 줄 알아야 한다.
PKCS(Public-Key Cryptography Standards)
PKCS#1~15까지 존재하며, 각각의 숫자마다 해당하는 표준이 존재하며, 이부분 역시 OpenSSL 혹은 MbedTLS에 존재한다.
PKCS 알고있는 것들을 간략하게 소개하며 정리한다.
우선 Public Keys는 비대칭 키이므로, Private Key가 존재하며, 이 관련내용을 숙지해야한다.
그리고, 관련 표준내용확인, 그리고, Public Key 보관방법 과 통신을 할 경우의 문법필요
RSA 관련된 내용이지만, 현재 RSA는 거의 잘 사용되지 않는 방향으로 가는 것 같다.
참고만 하고,
ITU-T에서
ASN.1의 문법은 필수이다.
TLS/DTLS에서 사용하는 Key 교환 알고리즘이며, 이는 TLS를 보면된다.
X.509v1 (Cefificate)에서 확장(Extended)되어 v3으로 사용하기 위해서 사용되어지는 것이다.
역시, 이를 이해하기 위해서는 ASN.1는 필수 이며, OpenSSL을 이용하여 분석가능하다.
예를들면, TLS의 경우, 처음 Key 교환 후, 대칭키 AES 기반으로 Message를 주고 받는데,
AES-128-ECB/기타 사용할 경우 ZERO Padding or PKCS7 Padding 방식으로 주로 Message 기반으로 통신에서 사용되어진다.
이 부분은 추후 AES를 사용해보면 좀 자세히 알게 될 것 같다.
Public-Key는 비대칭키 이므로, Private Key를 저장하는 표준으로 보통 Private Key는 PEM base64로 encoded 되어진다.
CSR이라고 하며, Cerficate를 요청하는 표준이라고 생각하면 되겠다.
PKCS#11: Cryptographic Token Interface 주로 Certificate , 즉 인증서를 보관하는 Interface이며, Device에서 많이 사용되어진다.
Device는 이 PKCS11 Interface API를 통해 접근하도록하고, 철저히 암호화 한다.
즉 Device 입장에서, 외부에 별도로 보관하는 방법으로 Interface 제공한다.
이는 보안을 철저이 하고자 함이며, 이 보안을 걸쳐 TLS를 비롯하여, Secure Boot 이용한다.
PKC#13: Elliptic-curve cryptography Standard 보통 ECC(Elliptic Curve Cryptography)라고 하며, RSA보다 이를 선호하는데,
이유는 암호화 속도와 저장공간이 줄어들어서라고 한다.
이 부분은 추후에 ECDSA를 자세히 분석하도록 하겠다.
2. SSL/TLS의 Cipher SuiteTLS(Transport Layer Security)는 SSL(Secure Socket Layer) Protocol기반으로
TCP를 이용하여 암호화 하는 방식이며,
UDP를 사용할 경우 DTLS라고 한다.
기본적으로 신뢰할 수 없는 양쪽 통신에서 키 교환부터 인증 및 주고 받는 메시지 암호화까지 전부를 관리하는 통신기술이다.
그 중 Cipher Suite은 TLS에서 사용하는 암호화 구성을 나타내어주는 Set,즉 각 구성들을 리스트로 보여준다.
각 Device들은 이 정보를 기반으로 지원하는 Cipher Suite로 암호화 통신이 가능한지 쉽게 파악이 가능하다.
- SSL/TLS Cipher Suite 분석방법
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS: TLS Protocol 사용 (TCP)
- ECDHE: Key 교환 알고리즘
- RSA: Authentication으로 (handshake 중 양쪽 인증서 인증)
- AES_128_GCM: AES 기반으로 128 bit Key 기반으로 GCM방식으로 운영 Block Cipher
- SHA256: message authentication으로 MAC(Message Authentication Code)
TLS 통신을 진행하게 되면, 통신하는 양쪽 서로 이 키 교환 후, 각 암호환 된 Message 주고 받고 이를 검증하는 시스템이다.
물론 TLS의 각 설정에 따라 다르겠지만, 그정도로 보안성이 높다고 할 수 있다.
그러므로, 여러 Protocol 접목되어 사용되어지고 있다.
TLS은 아래의 순서대로 진행되기 때문에 항상 순서대로 이해하도록 하자
- Key exchange/agreement: 대칭키 or 비대칭키 방식으로 TLS에서 각자의 Key를 교환알고리즘
- Authentication: 인증으로 Server/Client의 인증을 말한다.
- Bulk encryption/Block/Stream/Ciphers: 대칭키알고리즘으로 실제 전송 DATA를 encryption
- MAC/Message Authentication: 전송 Data의 검증 및 인증
Window의 Cipher Suite 확인
2.1 OpenSSL의 Block/Stream/MAC 테스트
주의해야 할 것은 각 Device 마다 지원되는사항이 다를 수 있으므로, 반드시 확인하도록 하자
- digest-command 와 cipher command 테스트
OpenSSL digest(MAC) 과
cipher(Block/Stream Cipher) 관련 Command 확인
$ openssl list -help
Usage: list [options]
Valid options are:
-help Display this summary
-1 List in one column
-commands List of standard commands
-digest-commands List of message digest commands
-digest-algorithms List of message digest algorithms
-cipher-commands List of cipher commands
-cipher-algorithms List of cipher algorithms
-public-key-algorithms List of public key algorithms
-public-key-methods List of public key methods
-disabled List of disabled features
-missing-help List missing detailed help strings
-options val List options for specified command
$ openssl list -digest-commands // 상위에서 설명한 MAC에 해당하는 알고리즘
blake2b512 blake2s256 gost md4
md5 mdc2 rmd160 sha1
sha224 sha256 sha3-224 sha3-256
sha3-384 sha3-512 sha384 sha512
sha512-224 sha512-256 shake128 shake256
sm3
$ openssl list -cipher-commands // 상위에서 설명한 Block/Stream Cipher와 이 기반의 운영방식
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb aria-128-cbc aria-128-cfb
aria-128-cfb1 aria-128-cfb8 aria-128-ctr aria-128-ecb
aria-128-ofb aria-192-cbc aria-192-cfb aria-192-cfb1
aria-192-cfb8 aria-192-ctr aria-192-ecb aria-192-ofb
aria-256-cbc aria-256-cfb aria-256-cfb1 aria-256-cfb8
aria-256-ctr aria-256-ecb aria-256-ofb base64
bf bf-cbc bf-cfb bf-ecb
bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc
camellia-192-ecb camellia-256-cbc camellia-256-ecb cast
cast-cbc cast5-cbc cast5-cfb cast5-ecb
cast5-ofb des des-cbc des-cfb
des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb des-ofb des3 desx
idea idea-cbc idea-cfb idea-ecb
idea-ofb rc2 rc2-40-cbc rc2-64-cbc
rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40 seed seed-cbc
seed-cfb seed-ecb seed-ofb sm4-cbc
sm4-cfb sm4-ctr sm4-ecb sm4-ofb
$ openssl speed -help
Usage: speed [options] ciphers...
Valid options are:
-help Display this summary
-evp val Use EVP-named cipher or digest
-decrypt Time decryption instead of encryption (only EVP)
-aead Benchmark EVP-named AEAD cipher in TLS-like sequence
-mb Enable (tls1>=1) multi-block mode on EVP-named cipher
-mr Produce machine readable output
-multi +int Run benchmarks in parallel
-async_jobs +int Enable async mode and start specified number of jobs
-rand val Load the file(s) into the random number generator
-writerand outfile Write random data to the specified file
-engine val Use engine, possibly a hardware device
-elapsed Use wall-clock time instead of CPU user time as divisor
-primes +int Specify number of primes (for RSA only)
-seconds +int Run benchmarks for specified amount of seconds
-bytes +int Run [non-PKI] benchmarks on custom-sized buffer
-misalign +int Use specified offset to mis-align buffers
OpenSSL 관련설명 및 함수
https://www.openssl.org/docs/man1.0.2/man3/evp.html
https://www.openssl.org/docs/man1.0.2/man3/EVP_EncryptInit.html
- OpenSSL의 AES-128-CBC의 PC 처리속도
Laptop Ubuntun 3초 동안 Block Cipher 의 성능을 측정해보면, 매번 조금씩 다르지만, 평균값으로 계산
// 일반 Ubuntu PC 기반 테스트 - 확인사항
$ openssl speed -evp aes-128-cbc // 3초동안 처리가능한 각 size 별 blocks 수 확인
Doing aes-128-cbc for 3s on 16 size blocks: 99970413 aes-128-cbc's in 3.00s // 최종결과로 16 x 99970413 / 3s = 533,175,536 (533175.54k), 즉 bytes per second 변경
Doing aes-128-cbc for 3s on 64 size blocks: 29734079 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 7579414 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 1902764 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 238073 aes-128-cbc's in 3.00s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed. // 1s동안 각 처리한 bytes 비교
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 533175.54k 634327.02k 646776.66k 649476.78k 650098.01k
$ openssl speed -evp aes-128-cbc // 3초동안 처리가능한 각 size 별 blocks 수 확인 (상위와 비슷함)
Doing aes-128-cbc for 3s on 16 size blocks: 99909269 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 29840898 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 7580732 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 1902763 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 238123 aes-128-cbc's in 3.00s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 532849.43k 636605.82k 646889.13k 649476.44k 650234.54k
$ openssl speed aes-128-cbc // -evp 옵션제거하면, 왜 많이 차이 나는지는 정확히 모르겠음
Doing aes-128 cbc for 3s on 16 size blocks: 18950418 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 5106208 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 1298409 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 326887 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 40944 aes-128 cbc's in 3.00s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed. // 1s동안 각 처리한 bytes 비교, 상위와 차이가 많이남
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 101068.90k 108932.44k 110797.57k 111577.43k 111804.42k
$ openssl speed aes-128-cbc // -evp 옵션제거하면, 오차도 심함
Doing aes-128 cbc for 3s on 16 size blocks: 16931056 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 64 size blocks: 5108214 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 256 size blocks: 1298789 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 1024 size blocks: 326969 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 40938 aes-128 cbc's in 3.00s
OpenSSL 1.0.2g 1 Mar 2016
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed. // 1s동안 각 처리한 bytes 비교, 동일한 command인데 오차가 심함
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 90298.97k 108975.23k 110829.99k 111605.42k 111788.03k
- OpenSSL의 AES-128-CBC의 ARM 처리속도
ARM기반의 AP에서 이를 측정하며, 상위 Laptop 기반과 비교해보면, 3초 측정이 잘 안지켜짐
// ARM기반의 AP에서 OpenSSL에서 테스트 - 확인사항
$ openssl speed -evp aes-128-cbc // 3초동안 처리가능한 각 size 별 blocks 수 확인(3초가 안지켜지는데, 다른 곳에서 OpenSSL를 사용 or CPU 사용문제)
Doing aes-128-cbc for 3s on 16 size blocks: 3853682 aes-128-cbc's in 2.85s // 최종결과로 16 x 3853682 / 2.85s = 21,634,705.96491228 (21634.71k)
Doing aes-128-cbc for 3s on 64 size blocks: 1144605 aes-128-cbc's in 2.85s
Doing aes-128-cbc for 3s on 256 size blocks: 301595 aes-128-cbc's in 2.85s
Doing aes-128-cbc for 3s on 1024 size blocks: 76442 aes-128-cbc's in 2.85s
Doing aes-128-cbc for 3s on 8192 size blocks: 9572 aes-128-cbc's in 2.84s
Doing aes-128-cbc for 3s on 16384 size blocks: 4753 aes-128-cbc's in 2.82s
OpenSSL 1.1.1b 26 Feb 2019
built on: Tue Oct 27 08:41:13 2020 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: arm-poky-linux-gnueabi-gcc -mfpu=neon -mfloat-abi=hard -mcpu=cortex-a9 --sysroot=recipe-sysroot -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 21634.71k 25703.41k 27090.64k 27465.48k 27610.50k 27614.59k
$ openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 3848965 aes-128-cbc's in 2.84s
Doing aes-128-cbc for 3s on 64 size blocks: 1142228 aes-128-cbc's in 2.84s
Doing aes-128-cbc for 3s on 256 size blocks: 301598 aes-128-cbc's in 2.85s
Doing aes-128-cbc for 3s on 1024 size blocks: 76500 aes-128-cbc's in 2.85s
Doing aes-128-cbc for 3s on 8192 size blocks: 9573 aes-128-cbc's in 2.84s
Doing aes-128-cbc for 3s on 16384 size blocks: 4753 aes-128-cbc's in 2.83s
OpenSSL 1.1.1b 26 Feb 2019
built on: Tue Oct 27 08:41:13 2020 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: arm-poky-linux-gnueabi-gcc -mfpu=neon -mfloat-abi=hard -mcpu=cortex-a9 --sysroot=recipe-sysroot -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128-cbc 21684.31k 25740.35k 27090.91k 27486.32k 27613.39k 27517.01k
$ openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 4524953 aes-128 cbc's in 2.85s
Doing aes-128 cbc for 3s on 64 size blocks: 1192731 aes-128 cbc's in 2.82s
Doing aes-128 cbc for 3s on 256 size blocks: 306092 aes-128 cbc's in 2.85s
Doing aes-128 cbc for 3s on 1024 size blocks: 77040 aes-128 cbc's in 2.84s
Doing aes-128 cbc for 3s on 8192 size blocks: 9592 aes-128 cbc's in 2.85s
Doing aes-128 cbc for 3s on 16384 size blocks: 4766 aes-128 cbc's in 2.81s
OpenSSL 1.1.1b 26 Feb 2019
built on: Tue Oct 27 08:41:13 2020 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: arm-poky-linux-gnueabi-gcc -mfpu=neon -mfloat-abi=hard -mcpu=cortex-a9 --sysroot=recipe-sysroot -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128 cbc 25403.24k 27069.07k 27494.58k 27777.80k 27571.11k 27788.66k
$ openssl speed aes-128-cbc
Doing aes-128 cbc for 3s on 16 size blocks: 4531171 aes-128 cbc's in 2.84s
Doing aes-128 cbc for 3s on 64 size blocks: 1191326 aes-128 cbc's in 2.81s
Doing aes-128 cbc for 3s on 256 size blocks: 305709 aes-128 cbc's in 2.83s
Doing aes-128 cbc for 3s on 1024 size blocks: 77085 aes-128 cbc's in 2.86s
Doing aes-128 cbc for 3s on 8192 size blocks: 9604 aes-128 cbc's in 2.85s
Doing aes-128 cbc for 3s on 16384 size blocks: 4746 aes-128 cbc's in 2.80s
OpenSSL 1.1.1b 26 Feb 2019
built on: Tue Oct 27 08:41:13 2020 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: arm-poky-linux-gnueabi-gcc -mfpu=neon -mfloat-abi=hard -mcpu=cortex-a9 --sysroot=recipe-sysroot -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128 cbc 25527.72k 27133.40k 27654.24k 27599.66k 27605.60k 27770.88k
$ openssl speed aes-128-cbc //동작중인 service 중지 후 실행하면, 3초가 거의지켜짐
Doing aes-128 cbc for 3s on 16 size blocks: 4811433 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 64 size blocks: 1276776 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 256 size blocks: 326993 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 1024 size blocks: 82190 aes-128 cbc's in 3.00s
Doing aes-128 cbc for 3s on 8192 size blocks: 10266 aes-128 cbc's in 2.99s
Doing aes-128 cbc for 3s on 16384 size blocks: 5148 aes-128 cbc's in 2.99s
OpenSSL 1.1.1b 26 Feb 2019
built on: Tue Oct 27 08:41:13 2020 UTC
options:bn(64,32) rc4(char) des(long) aes(partial) idea(int) blowfish(ptr)
compiler: arm-poky-linux-gnueabi-gcc -mfpu=neon -mfloat-abi=hard -mcpu=cortex-a9 --sysroot=recipe-sysroot -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -fdebug-prefix-map= -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
aes-128 cbc 25746.80k 27328.98k 27996.73k 28054.19k 28126.78k 28208.97k
OpenSSL에서 두 개 넣어 각각 처리속도 비교 (3초 와 10초)
// 동시에 두개 테스트 진행하며, 뒤의 RSA의 경우는 별도의 옵션 존재 -primes , -seconds
$ openssl speed aes-128-cbc rsa
Doing aes-128 cbc for 3s on 16 size blocks: 4738092 aes-128 cbc's in 2.94s
Doing aes-128 cbc for 3s on 64 size blocks: 1252558 aes-128 cbc's in 2.95s
Doing aes-128 cbc for 3s on 256 size blocks: 321331 aes-128 cbc's in 2.95s
Doing aes-128 cbc for 3s on 1024 size blocks: 80812 aes-128 cbc's in 2.96s
Doing aes-128 cbc for 3s on 8192 size blocks: 10086 aes-128 cbc's in 2.94s
Doing aes-128 cbc for 3s on 16384 size blocks: 5040 aes-128 cbc's in 2.95s
Doing 512 bits private rsa's for 10s: 11617 512 bits private RSA's in 9.75s
Doing 512 bits public rsa's for 10s: 150175 512 bits public RSA's in 9.84s
Doing 1024 bits private rsa's for 10s: 2323 1024 bits private RSA's in 9.75s
Doing 1024 bits public rsa's for 10s: 53326 1024 bits public RSA's in 9.83s
Doing 2048 bits private rsa's for 10s: 394 2048 bits private RSA's in 9.80s
Doing 2048 bits public rsa's for 10s: 15840 2048 bits public RSA's in 9.82s
Doing 3072 bits private rsa's for 10s: 137 3072 bits private RSA's in 9.87s
Doing 3072 bits public rsa's for 10s: 7440 3072 bits public RSA's in 9.80s
Doing 4096 bits private rsa's for 10s: 63 4096 bits private RSA's in 9.85s
Doing 4096 bits public rsa's for 10s: 4308 4096 bits public RSA's in 9.80s
Doing 7680 bits private rsa's for 10s: 11 7680 bits private RSA's in 10.04s
Doing 7680 bits public rsa's for 10s: 1272 7680 bits public RSA's in 9.77s
Doing 15360 bits private rsa's for 10s: 2 15360 bits private RSA's in 13.57s
Doing 15360 bits public rsa's for 10s: 325 15360 bits public RSA's in 9.77s
......
$ openssl speed aes-128-cbc rsa1024 // AES-128-CBC 와 RSA1024 속도 비교
Doing aes-128 cbc for 3s on 16 size blocks: 4741717 aes-128 cbc's in 2.94s
Doing aes-128 cbc for 3s on 64 size blocks: 1251100 aes-128 cbc's in 2.94s
Doing aes-128 cbc for 3s on 256 size blocks: 321063 aes-128 cbc's in 2.95s
Doing aes-128 cbc for 3s on 1024 size blocks: 80734 aes-128 cbc's in 2.95s
Doing aes-128 cbc for 3s on 8192 size blocks: 10079 aes-128 cbc's in 2.93s
Doing aes-128 cbc for 3s on 16384 size blocks: 5030 aes-128 cbc's in 2.95s
Doing 1024 bits private rsa's for 10s: 2324 1024 bits private RSA's in 9.74s
Doing 1024 bits public rsa's for 10s: 53284 1024 bits public RSA's in 9.79s
......
OpenSSL의 speed 관련내용
https://www.openssl.org/docs/man1.1.0/man1/openssl-speed.html
2.2 OpenSSL의 지원되는 Cipher Suite
OpenSSL에서 지원되는 Cipher Suite 들을 알아보고 각 TLS Version 따라 달라지는 것을 확인하도록 하자
- OpenSSL에서 지원되는 Cipher Suite 확인
현재 Linux PC의 OpenSSL에서의 Cihper Suite이며, 추후 ARM or PowerPC에서 비교해야할 것 같아 이를 명시
// TLS 1.3만 TLS 표시 (e.g TLS_AES_256_GCM_SHA384 ) , TLSv1.3 이하 (e.g ECDHE-ECDSA-AES256-GCM-SHA384 )
// 확인해야 할 사항
// A. TLSvx or SSLvx ( TLS 와 SSL version)
// B. Kx= Key Exchange (키 교환)
// C. Au=Authentication (인증서)
// D. Enc=Block/stream ciphers (e.g. 운영모드 GCM: Galois Counter Mode , CBC: Cipher Block Chaining )
// E. Mac=Message authentication (Message 인증)
$ openssl ciphers -v
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384
RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
// SSL_CTX_set_cipher_list(ctx, "ALL:eNULL");
//" ALL:eNULL" :는 or 연산이며, 제외하고 싶다면, !MD5
$ openssl ciphers -v 'ALL:eNULL'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
ADH-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
ADH-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
AECDH-AES256-SHA TLSv1 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
AECDH-AES128-SHA TLSv1 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-SEED-SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1
ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384
RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
RSA-PSK-CAMELLIA256-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
PSK-CAMELLIA256-SHA384 TLSv1 Kx=PSK Au=PSK Enc=Camellia(256) Mac=SHA384
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
RSA-PSK-CAMELLIA128-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
PSK-CAMELLIA128-SHA256 TLSv1 Kx=PSK Au=PSK Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-NULL-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
ECDHE-RSA-NULL-SHA TLSv1 Kx=ECDH Au=RSA Enc=None Mac=SHA1
AECDH-NULL-SHA TLSv1 Kx=ECDH Au=None Enc=None Mac=SHA1
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA384
ECDHE-PSK-NULL-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA1
RSA-PSK-NULL-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA384
RSA-PSK-NULL-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA256
DHE-PSK-NULL-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA384
DHE-PSK-NULL-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA256
RSA-PSK-NULL-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=None Mac=SHA1
DHE-PSK-NULL-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=None Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
PSK-NULL-SHA384 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA384
PSK-NULL-SHA256 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA256
PSK-NULL-SHA SSLv3 Kx=PSK Au=PSK Enc=None Mac=SHA1
$ openssl ciphers -v "eNULL:!MD5"
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-NULL-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
ECDHE-RSA-NULL-SHA TLSv1 Kx=ECDH Au=RSA Enc=None Mac=SHA1
AECDH-NULL-SHA TLSv1 Kx=ECDH Au=None Enc=None Mac=SHA1
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA384
ECDHE-PSK-NULL-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA1
RSA-PSK-NULL-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA384
RSA-PSK-NULL-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA256
DHE-PSK-NULL-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA384
DHE-PSK-NULL-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA256
RSA-PSK-NULL-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=None Mac=SHA1
DHE-PSK-NULL-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=None Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
PSK-NULL-SHA384 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA384
PSK-NULL-SHA256 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA256
PSK-NULL-SHA SSLv3 Kx=PSK Au=PSK Enc=None Mac=SHA1
// SSL_CTX_set_cipher_list(ctx, "ALL:NULL:eNULL:aNULL");
$ openssl ciphers -v "ALL:NULL:eNULL:aNULL"
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
ADH-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
ADH-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
AECDH-AES256-SHA TLSv1 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
AECDH-AES128-SHA TLSv1 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-SEED-SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1
ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384
RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
RSA-PSK-CAMELLIA256-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
PSK-CAMELLIA256-SHA384 TLSv1 Kx=PSK Au=PSK Enc=Camellia(256) Mac=SHA384
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
RSA-PSK-CAMELLIA128-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
PSK-CAMELLIA128-SHA256 TLSv1 Kx=PSK Au=PSK Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-NULL-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
ECDHE-RSA-NULL-SHA TLSv1 Kx=ECDH Au=RSA Enc=None Mac=SHA1
AECDH-NULL-SHA TLSv1 Kx=ECDH Au=None Enc=None Mac=SHA1
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA384
ECDHE-PSK-NULL-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA1
RSA-PSK-NULL-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA384
RSA-PSK-NULL-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA256
DHE-PSK-NULL-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA384
DHE-PSK-NULL-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA256
RSA-PSK-NULL-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=None Mac=SHA1
DHE-PSK-NULL-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=None Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
PSK-NULL-SHA384 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA384
PSK-NULL-SHA256 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA256
PSK-NULL-SHA SSLv3 Kx=PSK Au=PSK Enc=None Mac=SHA1
$ openssl ciphers -v "ALL:NULL:eNULL:aNULL" // SSL_CTX_set_cipher_list(ctx, "ALL:NULL:eNULL:aNULL");
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
DHE-RSA-AES256-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD
DHE-RSA-AES256-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(256) Mac=AEAD
ECDHE-ARIA256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-DSS-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(256) Mac=AEAD
DHE-RSA-ARIA256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(256) Mac=AEAD
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM8(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(128) Mac=AEAD
DHE-RSA-AES128-CCM8 TLSv1.2 Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD
DHE-RSA-AES128-CCM TLSv1.2 Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ARIAGCM(128) Mac=AEAD
ECDHE-ARIA128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-DSS-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=ARIAGCM(128) Mac=AEAD
DHE-RSA-ARIA128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=ARIAGCM(128) Mac=AEAD
ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-DSS-AES256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256
DHE-DSS-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA256
ADH-AES256-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256
ADH-CAMELLIA256-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(256) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-DSS-AES128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-DSS-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA256
ADH-AES128-SHA256 TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256
ADH-CAMELLIA128-SHA256 TLSv1.2 Kx=DH Au=None Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1
AECDH-AES256-SHA TLSv1 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
ADH-CAMELLIA256-SHA SSLv3 Kx=DH Au=None Enc=Camellia(256) Mac=SHA1
ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=SHA1
DHE-DSS-SEED-SHA SSLv3 Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1
AECDH-AES128-SHA TLSv1 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
ADH-SEED-SHA SSLv3 Kx=DH Au=None Enc=SEED(128) Mac=SHA1
ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None Enc=Camellia(128) Mac=SHA1
RSA-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-PSK-AES256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(256) Mac=AEAD
RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-PSK-AES256-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
DHE-PSK-AES256-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(256) Mac=AEAD
RSA-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(256) Mac=AEAD
DHE-PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD
AES256-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD
ARIA256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(256) Mac=AEAD
PSK-AES256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(256) Mac=AEAD
PSK-CHACHA20-POLY1305 TLSv1.2 Kx=PSK Au=PSK Enc=CHACHA20/POLY1305(256) Mac=AEAD
PSK-AES256-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(256) Mac=AEAD
PSK-AES256-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(256) Mac=AEAD
PSK-ARIA256-GCM-SHA384 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(256) Mac=AEAD
RSA-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESGCM(128) Mac=AEAD
DHE-PSK-AES128-CCM8 TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
DHE-PSK-AES128-CCM TLSv1.2 Kx=DHEPSK Au=PSK Enc=AESCCM(128) Mac=AEAD
RSA-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=RSAPSK Au=RSA Enc=ARIAGCM(128) Mac=AEAD
DHE-PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=DHEPSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-CCM8 TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD
AES128-CCM TLSv1.2 Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD
ARIA128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=ARIAGCM(128) Mac=AEAD
PSK-AES128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=AESGCM(128) Mac=AEAD
PSK-AES128-CCM8 TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM8(128) Mac=AEAD
PSK-AES128-CCM TLSv1.2 Kx=PSK Au=PSK Enc=AESCCM(128) Mac=AEAD
PSK-ARIA128-GCM-SHA256 TLSv1.2 Kx=PSK Au=PSK Enc=ARIAGCM(128) Mac=AEAD
AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256
CAMELLIA256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256
AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256
CAMELLIA128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA256
ECDHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA384
ECDHE-PSK-AES256-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(256) Mac=SHA1
SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(256) Mac=SHA1
SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1
SRP-AES-256-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(256) Mac=SHA1
RSA-PSK-AES256-CBC-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384
DHE-PSK-AES256-CBC-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA384
RSA-PSK-AES256-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA1
DHE-PSK-AES256-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(256) Mac=SHA1
ECDHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
RSA-PSK-CAMELLIA256-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(256) Mac=SHA384
DHE-PSK-CAMELLIA256-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(256) Mac=SHA384
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
PSK-AES256-CBC-SHA384 TLSv1 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA384
PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
PSK-CAMELLIA256-SHA384 TLSv1 Kx=PSK Au=PSK Enc=Camellia(256) Mac=SHA384
ECDHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA256
ECDHE-PSK-AES128-CBC-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=AES(128) Mac=SHA1
SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS Enc=AES(128) Mac=SHA1
SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1
SRP-AES-128-CBC-SHA SSLv3 Kx=SRP Au=SRP Enc=AES(128) Mac=SHA1
RSA-PSK-AES128-CBC-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA256
DHE-PSK-AES128-CBC-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA256
RSA-PSK-AES128-CBC-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=AES(128) Mac=SHA1
DHE-PSK-AES128-CBC-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=AES(128) Mac=SHA1
ECDHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
RSA-PSK-CAMELLIA128-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=Camellia(128) Mac=SHA256
DHE-PSK-CAMELLIA128-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=Camellia(128) Mac=SHA256
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
PSK-AES128-CBC-SHA256 TLSv1 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA256
PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
PSK-CAMELLIA128-SHA256 TLSv1 Kx=PSK Au=PSK Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-NULL-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
ECDHE-RSA-NULL-SHA TLSv1 Kx=ECDH Au=RSA Enc=None Mac=SHA1
AECDH-NULL-SHA TLSv1 Kx=ECDH Au=None Enc=None Mac=SHA1
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA384 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA384
ECDHE-PSK-NULL-SHA256 TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA256
ECDHE-PSK-NULL-SHA TLSv1 Kx=ECDHEPSK Au=PSK Enc=None Mac=SHA1
RSA-PSK-NULL-SHA384 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA384
RSA-PSK-NULL-SHA256 TLSv1 Kx=RSAPSK Au=RSA Enc=None Mac=SHA256
DHE-PSK-NULL-SHA384 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA384
DHE-PSK-NULL-SHA256 TLSv1 Kx=DHEPSK Au=PSK Enc=None Mac=SHA256
RSA-PSK-NULL-SHA SSLv3 Kx=RSAPSK Au=RSA Enc=None Mac=SHA1
DHE-PSK-NULL-SHA SSLv3 Kx=DHEPSK Au=PSK Enc=None Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
PSK-NULL-SHA384 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA384
PSK-NULL-SHA256 TLSv1 Kx=PSK Au=PSK Enc=None Mac=SHA256
PSK-NULL-SHA SSLv3 Kx=PSK Au=PSK Enc=None Mac=SHA1
OpenSSL Cipher List https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cipher_list.html