# Ciphers

With curl's options
[`CURLOPT_SSL_CIPHER_LIST`](https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html)
and
[`--ciphers`](https://curl.se/docs/manpage.html#--ciphers)
users can control which ciphers to consider when negotiating TLS connections.

TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+, and since
curl 7.85 for Schannel with options
[`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html)
and
[`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers).
If you are using a different SSL backend you can try setting TLS 1.3 cipher
suites by using the respective regular cipher option.

The names of the known ciphers differ depending on which TLS backend
libcurl was built to use. This is an attempt to list known cipher names.

## OpenSSL

(based on [OpenSSL docs](https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html))

When specifying multiple cipher names, separate them with colon (`:`).
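
The following is an added example, not part of the curl documentation: a shell helper that takes a colon-separated list of OpenSSL cipher names and drops the ones that offer no encryption (`NULL`), use RC4, DES/3DES or MD5, or use unauthenticated key exchange (`ADH-`/`AECDH-`) before the list is passed to `--ciphers`. The function name `strong_ciphers`, the rejection patterns and the sample list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: filter a colon-separated OpenSSL cipher list before it is
# handed to curl's --ciphers option. Not code from the curl project.

# strong_ciphers LIST
# Prints LIST with weak names removed; returns 1 if nothing is left, so a
# caller never passes an empty list to curl by accident.
# The body runs in a subshell "( ... )" so the IFS and noglob changes stay local.
strong_ciphers() (
    set -f          # no pathname expansion while splitting the list
    IFS=:
    out=""
    for name in $1; do
        case "$name" in
            "") continue ;;                            # empty field, e.g. "a::b"
            *NULL*|*RC4*|*DES*|*MD5*) continue ;;      # no or broken encryption/MAC
            ADH-*|AECDH-*) continue ;;                 # anonymous key exchange
        esac
        out="${out:+$out:}$name"
    done
    if [ -z "$out" ]; then
        echo "strong_ciphers: no acceptable cipher left" >&2
        exit 1
    fi
    printf '%s\n' "$out"
)

# Constructed sample input built from names in the OpenSSL lists on this page.
sample='ECDHE-RSA-AES256-GCM-SHA384:RC4-SHA:ADH-AES128-SHA:NULL-SHA256:DES-CBC3-SHA:ECDHE-ECDSA-AES128-GCM-SHA256'
strong_ciphers "$sample"

# Typical use (needs network access, so it is only shown here):
#   curl --ciphers "$(strong_ciphers "$sample")" https://example.com/
```

The filter only applies to OpenSSL-style names; other backends listed on this page use different names and separators.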

### SSL3 cipher suites

`NULL-MD5`
`NULL-SHA`
`RC4-MD5`
`RC4-SHA`
`IDEA-CBC-SHA`
`DES-CBC3-SHA`
`DH-DSS-DES-CBC3-SHA`
`DH-RSA-DES-CBC3-SHA`
`DHE-DSS-DES-CBC3-SHA`
`DHE-RSA-DES-CBC3-SHA`
`ADH-RC4-MD5`
`ADH-DES-CBC3-SHA`

### TLS v1.0 cipher suites

`NULL-MD5`
`NULL-SHA`
`RC4-MD5`
`RC4-SHA`
`IDEA-CBC-SHA`
`DES-CBC3-SHA`
`DHE-DSS-DES-CBC3-SHA`
`DHE-RSA-DES-CBC3-SHA`
`ADH-RC4-MD5`
`ADH-DES-CBC3-SHA`

### AES cipher suites from RFC 3268, extending TLS v1.0

`AES128-SHA`
`AES256-SHA`
`DH-DSS-AES128-SHA`
`DH-DSS-AES256-SHA`
`DH-RSA-AES128-SHA`
`DH-RSA-AES256-SHA`
`DHE-DSS-AES128-SHA`
`DHE-DSS-AES256-SHA`
`DHE-RSA-AES128-SHA`
`DHE-RSA-AES256-SHA`
`ADH-AES128-SHA`
`ADH-AES256-SHA`

### SEED cipher suites from RFC 4162, extending TLS v1.0

`SEED-SHA`
`DH-DSS-SEED-SHA`
`DH-RSA-SEED-SHA`
`DHE-DSS-SEED-SHA`
`DHE-RSA-SEED-SHA`
`ADH-SEED-SHA`

### GOST cipher suites, extending TLS v1.0

`GOST94-GOST89-GOST89`
`GOST2001-GOST89-GOST89`
`GOST94-NULL-GOST94`
`GOST2001-NULL-GOST94`

### Elliptic curve cipher suites

`ECDHE-RSA-NULL-SHA`
`ECDHE-RSA-RC4-SHA`
`ECDHE-RSA-DES-CBC3-SHA`
`ECDHE-RSA-AES128-SHA`
`ECDHE-RSA-AES256-SHA`
`ECDHE-ECDSA-NULL-SHA`
`ECDHE-ECDSA-RC4-SHA`
`ECDHE-ECDSA-DES-CBC3-SHA`
`ECDHE-ECDSA-AES128-SHA`
`ECDHE-ECDSA-AES256-SHA`
`AECDH-NULL-SHA`
`AECDH-RC4-SHA`
`AECDH-DES-CBC3-SHA`
`AECDH-AES128-SHA`
`AECDH-AES256-SHA`

### TLS v1.2 cipher suites

`NULL-SHA256`
`AES128-SHA256`
`AES256-SHA256`
`AES128-GCM-SHA256`
`AES256-GCM-SHA384`
`DH-RSA-AES128-SHA256`
`DH-RSA-AES256-SHA256`
`DH-RSA-AES128-GCM-SHA256`
`DH-RSA-AES256-GCM-SHA384`
`DH-DSS-AES128-SHA256`
`DH-DSS-AES256-SHA256`
`DH-DSS-AES128-GCM-SHA256`
`DH-DSS-AES256-GCM-SHA384`
`DHE-RSA-AES128-SHA256`
`DHE-RSA-AES256-SHA256`
`DHE-RSA-AES128-GCM-SHA256`
`DHE-RSA-AES256-GCM-SHA384`
`DHE-DSS-AES128-SHA256`
`DHE-DSS-AES256-SHA256`
`DHE-DSS-AES128-GCM-SHA256`
`DHE-DSS-AES256-GCM-SHA384`
`ECDHE-RSA-AES128-SHA256`
`ECDHE-RSA-AES256-SHA384`
`ECDHE-RSA-AES128-GCM-SHA256`
`ECDHE-RSA-AES256-GCM-SHA384`
`ECDHE-ECDSA-AES128-SHA256`
`ECDHE-ECDSA-AES256-SHA384`
`ECDHE-ECDSA-AES128-GCM-SHA256`
`ECDHE-ECDSA-AES256-GCM-SHA384`
`ADH-AES128-SHA256`
`ADH-AES256-SHA256`
`ADH-AES128-GCM-SHA256`
`ADH-AES256-GCM-SHA384`
`AES128-CCM`
`AES256-CCM`
`DHE-RSA-AES128-CCM`
`DHE-RSA-AES256-CCM`
`AES128-CCM8`
`AES256-CCM8`
`DHE-RSA-AES128-CCM8`
`DHE-RSA-AES256-CCM8`
`ECDHE-ECDSA-AES128-CCM`
`ECDHE-ECDSA-AES256-CCM`
`ECDHE-ECDSA-AES128-CCM8`
`ECDHE-ECDSA-AES256-CCM8`

### Camellia HMAC-Based cipher suites from RFC 6367, extending TLS v1.2

`ECDHE-ECDSA-CAMELLIA128-SHA256`
`ECDHE-ECDSA-CAMELLIA256-SHA384`
`ECDHE-RSA-CAMELLIA128-SHA256`
`ECDHE-RSA-CAMELLIA256-SHA384`

### TLS 1.3 cipher suites

(Note these ciphers are set with `CURLOPT_TLS13_CIPHERS` and `--tls13-ciphers`)

`TLS_AES_256_GCM_SHA384`
`TLS_CHACHA20_POLY1305_SHA256`
`TLS_AES_128_GCM_SHA256`
`TLS_AES_128_CCM_8_SHA256`
`TLS_AES_128_CCM_SHA256`

## WolfSSL

`RC4-SHA`,
`RC4-MD5`,
`DES-CBC3-SHA`,
`AES128-SHA`,
`AES256-SHA`,
`NULL-SHA`,
`NULL-SHA256`,
`DHE-RSA-AES128-SHA`,
`DHE-RSA-AES256-SHA`,
`DHE-PSK-AES256-GCM-SHA384`,
`DHE-PSK-AES128-GCM-SHA256`,
`PSK-AES256-GCM-SHA384`,
`PSK-AES128-GCM-SHA256`,
`DHE-PSK-AES256-CBC-SHA384`,
`DHE-PSK-AES128-CBC-SHA256`,
`PSK-AES256-CBC-SHA384`,
`PSK-AES128-CBC-SHA256`,
`PSK-AES128-CBC-SHA`,
`PSK-AES256-CBC-SHA`,
`DHE-PSK-AES128-CCM`,
`DHE-PSK-AES256-CCM`,
`PSK-AES128-CCM`,
`PSK-AES256-CCM`,
`PSK-AES128-CCM-8`,
`PSK-AES256-CCM-8`,
`DHE-PSK-NULL-SHA384`,
`DHE-PSK-NULL-SHA256`,
`PSK-NULL-SHA384`,
`PSK-NULL-SHA256`,
`PSK-NULL-SHA`,
`HC128-MD5`,
`HC128-SHA`,
`HC128-B2B256`,
`AES128-B2B256`,
`AES256-B2B256`,
`RABBIT-SHA`,
`NTRU-RC4-SHA`,
`NTRU-DES-CBC3-SHA`,
`NTRU-AES128-SHA`,
`NTRU-AES256-SHA`,
`AES128-CCM-8`,
`AES256-CCM-8`,
`ECDHE-ECDSA-AES128-CCM`,
`ECDHE-ECDSA-AES128-CCM-8`,
`ECDHE-ECDSA-AES256-CCM-8`,
`ECDHE-RSA-AES128-SHA`,
`ECDHE-RSA-AES256-SHA`,
`ECDHE-ECDSA-AES128-SHA`,
`ECDHE-ECDSA-AES256-SHA`,
`ECDHE-RSA-RC4-SHA`,
`ECDHE-RSA-DES-CBC3-SHA`,
`ECDHE-ECDSA-RC4-SHA`,
`ECDHE-ECDSA-DES-CBC3-SHA`,
`AES128-SHA256`,
`AES256-SHA256`,
`DHE-RSA-AES128-SHA256`,
`DHE-RSA-AES256-SHA256`,
`ECDH-RSA-AES128-SHA`,
`ECDH-RSA-AES256-SHA`,
`ECDH-ECDSA-AES128-SHA`,
`ECDH-ECDSA-AES256-SHA`,
`ECDH-RSA-RC4-SHA`,
`ECDH-RSA-DES-CBC3-SHA`,
`ECDH-ECDSA-RC4-SHA`,
`ECDH-ECDSA-DES-CBC3-SHA`,
`AES128-GCM-SHA256`,
`AES256-GCM-SHA384`,
`DHE-RSA-AES128-GCM-SHA256`,
`DHE-RSA-AES256-GCM-SHA384`,
`ECDHE-RSA-AES128-GCM-SHA256`,
`ECDHE-RSA-AES256-GCM-SHA384`,
`ECDHE-ECDSA-AES128-GCM-SHA256`,
`ECDHE-ECDSA-AES256-GCM-SHA384`,
`ECDH-RSA-AES128-GCM-SHA256`,
`ECDH-RSA-AES256-GCM-SHA384`,
`ECDH-ECDSA-AES128-GCM-SHA256`,
`ECDH-ECDSA-AES256-GCM-SHA384`,
`CAMELLIA128-SHA`,
`DHE-RSA-CAMELLIA128-SHA`,
`CAMELLIA256-SHA`,
`DHE-RSA-CAMELLIA256-SHA`,
`CAMELLIA128-SHA256`,
`DHE-RSA-CAMELLIA128-SHA256`,
`CAMELLIA256-SHA256`,
`DHE-RSA-CAMELLIA256-SHA256`,
`ECDHE-RSA-AES128-SHA256`,
`ECDHE-ECDSA-AES128-SHA256`,
`ECDH-RSA-AES128-SHA256`,
`ECDH-ECDSA-AES128-SHA256`,
`ECDHE-RSA-AES256-SHA384`,
`ECDHE-ECDSA-AES256-SHA384`,
`ECDH-RSA-AES256-SHA384`,
`ECDH-ECDSA-AES256-SHA384`,
`ECDHE-RSA-CHACHA20-POLY1305`,
`ECDHE-ECDSA-CHACHA20-POLY1305`,
`DHE-RSA-CHACHA20-POLY1305`,
`ECDHE-RSA-CHACHA20-POLY1305-OLD`,
`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`,
`DHE-RSA-CHACHA20-POLY1305-OLD`,
`ADH-AES128-SHA`,
`QSH`,
`RENEGOTIATION-INFO`,
`IDEA-CBC-SHA`,
`ECDHE-ECDSA-NULL-SHA`,
`ECDHE-PSK-NULL-SHA256`,
`ECDHE-PSK-AES128-CBC-SHA256`,
`PSK-CHACHA20-POLY1305`,
`ECDHE-PSK-CHACHA20-POLY1305`,
`DHE-PSK-CHACHA20-POLY1305`,
`EDH-RSA-DES-CBC3-SHA`,

## Schannel

Schannel allows the enabling and disabling of encryption algorithms, but not
specific cipher suites, prior to TLS 1.3. The algorithms are
[defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by
Microsoft.

The algorithms below are for TLS 1.2 and earlier. TLS 1.3 is covered in the
next section.

There is also the case that the selected algorithm is not supported by the
protocol or does not match the ciphers offered by the server during the SSL
negotiation. In this case curl will return error
`CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH`
and the request will fail.

`CALG_MD2`,
`CALG_MD4`,
`CALG_MD5`,
`CALG_SHA`,
`CALG_SHA1`,
`CALG_MAC`,
`CALG_RSA_SIGN`,
`CALG_DSS_SIGN`,
`CALG_NO_SIGN`,
`CALG_RSA_KEYX`,
`CALG_DES`,
`CALG_3DES_112`,
`CALG_3DES`,
`CALG_DESX`,
`CALG_RC2`,
`CALG_RC4`,
`CALG_SEAL`,
`CALG_DH_SF`,
`CALG_DH_EPHEM`,
`CALG_AGREEDKEY_ANY`,
`CALG_HUGHES_MD5`,
`CALG_SKIPJACK`,
`CALG_TEK`,
`CALG_CYLINK_MEK`,
`CALG_SSL3_SHAMD5`,
`CALG_SSL3_MASTER`,
`CALG_SCHANNEL_MASTER_HASH`,
`CALG_SCHANNEL_MAC_KEY`,
`CALG_SCHANNEL_ENC_KEY`,
`CALG_PCT1_MASTER`,
`CALG_SSL2_MASTER`,
`CALG_TLS1_MASTER`,
`CALG_RC5`,
`CALG_HMAC`,
`CALG_TLS1PRF`,
`CALG_HASH_REPLACE_OWF`,
`CALG_AES_128`,
`CALG_AES_192`,
`CALG_AES_256`,
`CALG_AES`,
`CALG_SHA_256`,
`CALG_SHA_384`,
`CALG_SHA_512`,
`CALG_ECDH`,
`CALG_ECMQV`,
`CALG_ECDSA`,
`CALG_ECDH_EPHEM`,

As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name
to [constrain the set of available ciphers as specified in the Schannel
documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022).
Note that the supported ciphers in this case follow the OS version, so if you
are running an outdated OS you might still be supporting weak ciphers.

### TLS 1.3 cipher suites

You can set TLS 1.3 ciphers for Schannel by using `CURLOPT_TLS13_CIPHERS` or
`--tls13-ciphers` with the names below.

If TLS 1.3 cipher suites are set then libcurl will add or restrict Schannel TLS
1.3 algorithms automatically. Essentially, libcurl is emulating support for
individual TLS 1.3 cipher suites since Schannel does not support it directly.

`TLS_AES_256_GCM_SHA384`
`TLS_AES_128_GCM_SHA256`
`TLS_CHACHA20_POLY1305_SHA256`
`TLS_AES_128_CCM_8_SHA256`
`TLS_AES_128_CCM_SHA256`

Note if you set TLS 1.3 ciphers without also setting the minimum TLS version
to 1.3 then it is possible Schannel may negotiate an earlier TLS version and
cipher suite if your libcurl and OS settings allow it. You can set the minimum
TLS version by using `CURLOPT_SSLVERSION` or `--tlsv1.3`.

## BearSSL

BearSSL ciphers can be specified by either the OpenSSL name (`ECDHE-RSA-AES128-GCM-SHA256`) or the IANA name (`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`).

Since BearSSL 0.1:

`DES-CBC3-SHA`
`AES128-SHA`
`AES256-SHA`
`AES128-SHA256`
`AES256-SHA256`
`AES128-GCM-SHA256`
`AES256-GCM-SHA384`
`ECDH-ECDSA-DES-CBC3-SHA`
`ECDH-ECDSA-AES128-SHA`
`ECDH-ECDSA-AES256-SHA`
`ECDHE-ECDSA-DES-CBC3-SHA`
`ECDHE-ECDSA-AES128-SHA`
`ECDHE-ECDSA-AES256-SHA`
`ECDH-RSA-DES-CBC3-SHA`
`ECDH-RSA-AES128-SHA`
`ECDH-RSA-AES256-SHA`
`ECDHE-RSA-DES-CBC3-SHA`
`ECDHE-RSA-AES128-SHA`
`ECDHE-RSA-AES256-SHA`
`ECDHE-ECDSA-AES128-SHA256`
`ECDHE-ECDSA-AES256-SHA384`
`ECDH-ECDSA-AES128-SHA256`
`ECDH-ECDSA-AES256-SHA384`
`ECDHE-RSA-AES128-SHA256`
`ECDHE-RSA-AES256-SHA384`
`ECDH-RSA-AES128-SHA256`
`ECDH-RSA-AES256-SHA384`
`ECDHE-ECDSA-AES128-GCM-SHA256`
`ECDHE-ECDSA-AES256-GCM-SHA384`
`ECDH-ECDSA-AES128-GCM-SHA256`
`ECDH-ECDSA-AES256-GCM-SHA384`
`ECDHE-RSA-AES128-GCM-SHA256`
`ECDHE-RSA-AES256-GCM-SHA384`
`ECDH-RSA-AES128-GCM-SHA256`
`ECDH-RSA-AES256-GCM-SHA384`

Since BearSSL 0.2:

`ECDHE-RSA-CHACHA20-POLY1305`
`ECDHE-ECDSA-CHACHA20-POLY1305`

Since BearSSL 0.6:

`AES128-CCM`
`AES256-CCM`
`AES128-CCM8`
`AES256-CCM8`
`ECDHE-ECDSA-AES128-CCM`
`ECDHE-ECDSA-AES256-CCM`
`ECDHE-ECDSA-AES128-CCM8`
`ECDHE-ECDSA-AES256-CCM8`