3 With curl's options `CURLOPT_SSL_CIPHER_LIST` and `--ciphers` users can
4 control which ciphers to consider when negotiating TLS connections.
6 The names of the known ciphers differ depending on which TLS backend that
7 libcurl was built to use. This is an attempt to list known cipher names.
11 (based on [OpenSSL docs](https://www.openssl.org/docs/man1.1.0/apps/ciphers.html))
13 ### SSL3 cipher suites
23 `DHE-DSS-DES-CBC3-SHA`
24 `DHE-RSA-DES-CBC3-SHA`
28 ### TLS v1.0 cipher suites
36 `DHE-DSS-DES-CBC3-SHA`
37 `DHE-RSA-DES-CBC3-SHA`
41 ### AES ciphersuites from RFC3268, extending TLS v1.0
56 ### SEED ciphersuites from RFC4162, extending TLS v1.0
65 ### GOST ciphersuites, extending TLS v1.0
67 `GOST94-GOST89-GOST89`
68 `GOST2001-GOST89-GOST89`
70 `GOST2001-NULL-GOST94`
72 ### Elliptic curve cipher suites
76 `ECDHE-RSA-DES-CBC3-SHA`
77 `ECDHE-RSA-AES128-SHA`
78 `ECDHE-RSA-AES256-SHA`
79 `ECDHE-ECDSA-NULL-SHA`
81 `ECDHE-ECDSA-DES-CBC3-SHA`
82 `ECDHE-ECDSA-AES128-SHA`
83 `ECDHE-ECDSA-AES256-SHA`
90 ### TLS v1.2 cipher suites
97 `DH-RSA-AES128-SHA256`
98 `DH-RSA-AES256-SHA256`
99 `DH-RSA-AES128-GCM-SHA256`
100 `DH-RSA-AES256-GCM-SHA384`
101 `DH-DSS-AES128-SHA256`
102 `DH-DSS-AES256-SHA256`
103 `DH-DSS-AES128-GCM-SHA256`
104 `DH-DSS-AES256-GCM-SHA384`
105 `DHE-RSA-AES128-SHA256`
106 `DHE-RSA-AES256-SHA256`
107 `DHE-RSA-AES128-GCM-SHA256`
108 `DHE-RSA-AES256-GCM-SHA384`
109 `DHE-DSS-AES128-SHA256`
110 `DHE-DSS-AES256-SHA256`
111 `DHE-DSS-AES128-GCM-SHA256`
112 `DHE-DSS-AES256-GCM-SHA384`
113 `ECDHE-RSA-AES128-SHA256`
114 `ECDHE-RSA-AES256-SHA384`
115 `ECDHE-RSA-AES128-GCM-SHA256`
116 `ECDHE-RSA-AES256-GCM-SHA384`
117 `ECDHE-ECDSA-AES128-SHA256`
118 `ECDHE-ECDSA-AES256-SHA384`
119 `ECDHE-ECDSA-AES128-GCM-SHA256`
120 `ECDHE-ECDSA-AES256-GCM-SHA384`
123 `ADH-AES128-GCM-SHA256`
124 `ADH-AES256-GCM-SHA384`
131 `DHE-RSA-AES128-CCM8`
132 `DHE-RSA-AES256-CCM8`
133 `ECDHE-ECDSA-AES128-CCM`
134 `ECDHE-ECDSA-AES256-CCM`
135 `ECDHE-ECDSA-AES128-CCM8`
136 `ECDHE-ECDSA-AES256-CCM8`
138 ### Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2
140 `ECDHE-ECDSA-CAMELLIA128-SHA256`
141 `ECDHE-ECDSA-CAMELLIA256-SHA384`
142 `ECDHE-RSA-CAMELLIA128-SHA256`
143 `ECDHE-RSA-CAMELLIA256-SHA384`
157 ### SSL3/TLS cipher suites
170 `fortezza_rc4_128_sha`
173 ### TLS 1.0 Exportable 56-bit Cipher Suites
180 `dhe_dss_aes_128_cbc_sha`
181 `dhe_dss_aes_256_cbc_sha`
182 `dhe_rsa_aes_128_cbc_sha`
183 `dhe_rsa_aes_256_cbc_sha`
189 `ecdh_ecdsa_null_sha`
190 `ecdh_ecdsa_rc4_128_sha`
191 `ecdh_ecdsa_3des_sha`
192 `ecdh_ecdsa_aes_128_sha`
193 `ecdh_ecdsa_aes_256_sha`
194 `ecdhe_ecdsa_null_sha`
195 `ecdhe_ecdsa_rc4_128_sha`
196 `ecdhe_ecdsa_3des_sha`
197 `ecdhe_ecdsa_aes_128_sha`
198 `ecdhe_ecdsa_aes_256_sha`
202 `ecdh_rsa_aes_128_sha`
203 `ecdh_rsa_aes_256_sha`
205 `ecdhe_rsa_rc4_128_sha`
207 `ecdhe_rsa_aes_128_sha`
208 `ecdhe_rsa_aes_256_sha`
210 `ecdh_anon_rc4_128sha`
212 `ecdh_anon_aes_128_sha`
213 `ecdh_anon_aes_256_sha`
215 ### HMAC-SHA256 cipher suites
218 `rsa_aes_128_cbc_sha_256`
219 `rsa_aes_256_cbc_sha_256`
220 `dhe_rsa_aes_128_cbc_sha_256`
221 `dhe_rsa_aes_256_cbc_sha_256`
222 `ecdhe_ecdsa_aes_128_cbc_sha_256`
223 `ecdhe_rsa_aes_128_cbc_sha_256`
225 ### AES GCM cipher suites in RFC 5288 and RFC 5289
227 `rsa_aes_128_gcm_sha_256`
228 `dhe_rsa_aes_128_gcm_sha_256`
229 `dhe_dss_aes_128_gcm_sha_256`
230 `ecdhe_ecdsa_aes_128_gcm_sha_256`
231 `ecdh_ecdsa_aes_128_gcm_sha_256`
232 `ecdhe_rsa_aes_128_gcm_sha_256`
233 `ecdh_rsa_aes_128_gcm_sha_256`
235 ### cipher suites using SHA384
237 `rsa_aes_256_gcm_sha_384`
238 `dhe_rsa_aes_256_gcm_sha_384`
239 `dhe_dss_aes_256_gcm_sha_384`
240 `ecdhe_ecdsa_aes_256_sha_384`
241 `ecdhe_rsa_aes_256_sha_384`
242 `ecdhe_ecdsa_aes_256_gcm_sha_384`
243 `ecdhe_rsa_aes_256_gcm_sha_384`
245 ### chacha20-poly1305 cipher suites
247 `ecdhe_rsa_chacha20_poly1305_sha_256`
248 `ecdhe_ecdsa_chacha20_poly1305_sha_256`
249 `dhe_rsa_chacha20_poly1305_sha_256`
253 Ciphers are internally defined as numeric codes (https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_set_buffer.htm),
254 but libcurl maps them to the following case-insensitive names.
256 ### SSL2 cipher suites (insecure: disabled by default)
265 ### SSL3 cipher suites
276 ### TLS v1.0 cipher suites
289 ### TLS v1.1 cipher suites
300 ### TLS v1.2 cipher suites
324 `DHE-RSA-AES128-SHA`,
325 `DHE-RSA-AES256-SHA`,
326 `DHE-PSK-AES256-GCM-SHA384`,
327 `DHE-PSK-AES128-GCM-SHA256`,
328 `PSK-AES256-GCM-SHA384`,
329 `PSK-AES128-GCM-SHA256`,
330 `DHE-PSK-AES256-CBC-SHA384`,
331 `DHE-PSK-AES128-CBC-SHA256`,
332 `PSK-AES256-CBC-SHA384`,
333 `PSK-AES128-CBC-SHA256`,
334 `PSK-AES128-CBC-SHA`,
335 `PSK-AES256-CBC-SHA`,
336 `DHE-PSK-AES128-CCM`,
337 `DHE-PSK-AES256-CCM`,
342 `DHE-PSK-NULL-SHA384`,
343 `DHE-PSK-NULL-SHA256`,
359 `ECDHE-ECDSA-AES128-CCM`,
360 `ECDHE-ECDSA-AES128-CCM-8`,
361 `ECDHE-ECDSA-AES256-CCM-8`,
362 `ECDHE-RSA-AES128-SHA`,
363 `ECDHE-RSA-AES256-SHA`,
364 `ECDHE-ECDSA-AES128-SHA`,
365 `ECDHE-ECDSA-AES256-SHA`,
367 `ECDHE-RSA-DES-CBC3-SHA`,
368 `ECDHE-ECDSA-RC4-SHA`,
369 `ECDHE-ECDSA-DES-CBC3-SHA`,
372 `DHE-RSA-AES128-SHA256`,
373 `DHE-RSA-AES256-SHA256`,
374 `ECDH-RSA-AES128-SHA`,
375 `ECDH-RSA-AES256-SHA`,
376 `ECDH-ECDSA-AES128-SHA`,
377 `ECDH-ECDSA-AES256-SHA`,
379 `ECDH-RSA-DES-CBC3-SHA`,
380 `ECDH-ECDSA-RC4-SHA`,
381 `ECDH-ECDSA-DES-CBC3-SHA`,
384 `DHE-RSA-AES128-GCM-SHA256`,
385 `DHE-RSA-AES256-GCM-SHA384`,
386 `ECDHE-RSA-AES128-GCM-SHA256`,
387 `ECDHE-RSA-AES256-GCM-SHA384`,
388 `ECDHE-ECDSA-AES128-GCM-SHA256`,
389 `ECDHE-ECDSA-AES256-GCM-SHA384`,
390 `ECDH-RSA-AES128-GCM-SHA256`,
391 `ECDH-RSA-AES256-GCM-SHA384`,
392 `ECDH-ECDSA-AES128-GCM-SHA256`,
393 `ECDH-ECDSA-AES256-GCM-SHA384`,
395 `DHE-RSA-CAMELLIA128-SHA`,
397 `DHE-RSA-CAMELLIA256-SHA`,
398 `CAMELLIA128-SHA256`,
399 `DHE-RSA-CAMELLIA128-SHA256`,
400 `CAMELLIA256-SHA256`,
401 `DHE-RSA-CAMELLIA256-SHA256`,
402 `ECDHE-RSA-AES128-SHA256`,
403 `ECDHE-ECDSA-AES128-SHA256`,
404 `ECDH-RSA-AES128-SHA256`,
405 `ECDH-ECDSA-AES128-SHA256`,
406 `ECDHE-RSA-AES256-SHA384`,
407 `ECDHE-ECDSA-AES256-SHA384`,
408 `ECDH-RSA-AES256-SHA384`,
409 `ECDH-ECDSA-AES256-SHA384`,
410 `ECDHE-RSA-CHACHA20-POLY1305`,
411 `ECDHE-ECDSA-CHACHA20-POLY1305`,
412 `DHE-RSA-CHACHA20-POLY1305`,
413 `ECDHE-RSA-CHACHA20-POLY1305-OLD`,
414 `ECDHE-ECDSA-CHACHA20-POLY1305-OLD`,
415 `DHE-RSA-CHACHA20-POLY1305-OLD`,
418 `RENEGOTIATION-INFO`,
420 `ECDHE-ECDSA-NULL-SHA`,
421 `ECDHE-PSK-NULL-SHA256`,
422 `ECDHE-PSK-AES128-CBC-SHA256`,
423 `PSK-CHACHA20-POLY1305`,
424 `ECDHE-PSK-CHACHA20-POLY1305`,
425 `DHE-PSK-CHACHA20-POLY1305`,
426 `EDH-RSA-DES-CBC3-SHA`,