1<!-- 2Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 3 4SPDX-License-Identifier: curl 5--> 6 7# Ciphers 8 9With curl's options 10[`CURLOPT_SSL_CIPHER_LIST`](https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html) 11and 12[`--ciphers`](https://curl.se/docs/manpage.html#--ciphers) 13users can control which ciphers to consider when negotiating TLS connections. 14 15TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+, and since 16curl 7.85 for Schannel with options 17[`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) 18and 19[`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers) 20. If you are using a different SSL backend you can try setting TLS 1.3 cipher 21suites by using the respective regular cipher option. 22 23The names of the known ciphers differ depending on which TLS backend that 24libcurl was built to use. This is an attempt to list known cipher names. 25 26## OpenSSL 27 28(based on [OpenSSL docs](https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html)) 29 30When specifying multiple cipher names, separate them with colon (`:`). 31 32### SSL3 cipher suites 33 34`NULL-MD5` 35`NULL-SHA` 36`RC4-MD5` 37`RC4-SHA` 38`IDEA-CBC-SHA` 39`DES-CBC3-SHA` 40`DH-DSS-DES-CBC3-SHA` 41`DH-RSA-DES-CBC3-SHA` 42`DHE-DSS-DES-CBC3-SHA` 43`DHE-RSA-DES-CBC3-SHA` 44`ADH-RC4-MD5` 45`ADH-DES-CBC3-SHA` 46 47### TLS v1.0 cipher suites 48 49`NULL-MD5` 50`NULL-SHA` 51`RC4-MD5` 52`RC4-SHA` 53`IDEA-CBC-SHA` 54`DES-CBC3-SHA` 55`DHE-DSS-DES-CBC3-SHA` 56`DHE-RSA-DES-CBC3-SHA` 57`ADH-RC4-MD5` 58`ADH-DES-CBC3-SHA` 59 60### AES cipher suites from RFC 3268, extending TLS v1.0 61 62`AES128-SHA` 63`AES256-SHA` 64`DH-DSS-AES128-SHA` 65`DH-DSS-AES256-SHA` 66`DH-RSA-AES128-SHA` 67`DH-RSA-AES256-SHA` 68`DHE-DSS-AES128-SHA` 69`DHE-DSS-AES256-SHA` 70`DHE-RSA-AES128-SHA` 71`DHE-RSA-AES256-SHA` 72`ADH-AES128-SHA` 73`ADH-AES256-SHA` 74 75### SEED cipher suites from RFC 4162, extending TLS v1.0 76 77`SEED-SHA` 78`DH-DSS-SEED-SHA` 79`DH-RSA-SEED-SHA` 80`DHE-DSS-SEED-SHA` 81`DHE-RSA-SEED-SHA` 82`ADH-SEED-SHA` 83 84### GOST cipher suites, extending TLS v1.0 85 86`GOST94-GOST89-GOST89` 87`GOST2001-GOST89-GOST89` 88`GOST94-NULL-GOST94` 89`GOST2001-NULL-GOST94` 90 91### Elliptic curve cipher suites 92 93`ECDHE-RSA-NULL-SHA` 94`ECDHE-RSA-RC4-SHA` 95`ECDHE-RSA-DES-CBC3-SHA` 96`ECDHE-RSA-AES128-SHA` 97`ECDHE-RSA-AES256-SHA` 98`ECDHE-ECDSA-NULL-SHA` 99`ECDHE-ECDSA-RC4-SHA` 100`ECDHE-ECDSA-DES-CBC3-SHA` 101`ECDHE-ECDSA-AES128-SHA` 102`ECDHE-ECDSA-AES256-SHA` 103`AECDH-NULL-SHA` 104`AECDH-RC4-SHA` 105`AECDH-DES-CBC3-SHA` 106`AECDH-AES128-SHA` 107`AECDH-AES256-SHA` 108 109### TLS v1.2 cipher suites 110 111`NULL-SHA256` 112`AES128-SHA256` 113`AES256-SHA256` 114`AES128-GCM-SHA256` 115`AES256-GCM-SHA384` 116`DH-RSA-AES128-SHA256` 117`DH-RSA-AES256-SHA256` 118`DH-RSA-AES128-GCM-SHA256` 119`DH-RSA-AES256-GCM-SHA384` 120`DH-DSS-AES128-SHA256` 121`DH-DSS-AES256-SHA256` 122`DH-DSS-AES128-GCM-SHA256` 123`DH-DSS-AES256-GCM-SHA384` 124`DHE-RSA-AES128-SHA256` 125`DHE-RSA-AES256-SHA256` 126`DHE-RSA-AES128-GCM-SHA256` 127`DHE-RSA-AES256-GCM-SHA384` 128`DHE-DSS-AES128-SHA256` 129`DHE-DSS-AES256-SHA256` 130`DHE-DSS-AES128-GCM-SHA256` 131`DHE-DSS-AES256-GCM-SHA384` 132`ECDHE-RSA-AES128-SHA256` 133`ECDHE-RSA-AES256-SHA384` 134`ECDHE-RSA-AES128-GCM-SHA256` 135`ECDHE-RSA-AES256-GCM-SHA384` 136`ECDHE-ECDSA-AES128-SHA256` 137`ECDHE-ECDSA-AES256-SHA384` 138`ECDHE-ECDSA-AES128-GCM-SHA256` 139`ECDHE-ECDSA-AES256-GCM-SHA384` 140`ADH-AES128-SHA256` 141`ADH-AES256-SHA256` 142`ADH-AES128-GCM-SHA256` 143`ADH-AES256-GCM-SHA384` 144`AES128-CCM` 145`AES256-CCM` 146`DHE-RSA-AES128-CCM` 147`DHE-RSA-AES256-CCM` 148`AES128-CCM8` 149`AES256-CCM8` 150`DHE-RSA-AES128-CCM8` 151`DHE-RSA-AES256-CCM8` 152`ECDHE-ECDSA-AES128-CCM` 153`ECDHE-ECDSA-AES256-CCM` 154`ECDHE-ECDSA-AES128-CCM8` 155`ECDHE-ECDSA-AES256-CCM8` 156 157### Camellia HMAC-Based cipher suites from RFC 6367, extending TLS v1.2 158 159`ECDHE-ECDSA-CAMELLIA128-SHA256` 160`ECDHE-ECDSA-CAMELLIA256-SHA384` 161`ECDHE-RSA-CAMELLIA128-SHA256` 162`ECDHE-RSA-CAMELLIA256-SHA384` 163 164### TLS 1.3 cipher suites 165 166(Note these ciphers are set with `CURLOPT_TLS13_CIPHERS` and `--tls13-ciphers`) 167 168`TLS_AES_256_GCM_SHA384` 169`TLS_CHACHA20_POLY1305_SHA256` 170`TLS_AES_128_GCM_SHA256` 171`TLS_AES_128_CCM_8_SHA256` 172`TLS_AES_128_CCM_SHA256` 173 174## WolfSSL 175 176`RC4-SHA`, 177`RC4-MD5`, 178`DES-CBC3-SHA`, 179`AES128-SHA`, 180`AES256-SHA`, 181`NULL-SHA`, 182`NULL-SHA256`, 183`DHE-RSA-AES128-SHA`, 184`DHE-RSA-AES256-SHA`, 185`DHE-PSK-AES256-GCM-SHA384`, 186`DHE-PSK-AES128-GCM-SHA256`, 187`PSK-AES256-GCM-SHA384`, 188`PSK-AES128-GCM-SHA256`, 189`DHE-PSK-AES256-CBC-SHA384`, 190`DHE-PSK-AES128-CBC-SHA256`, 191`PSK-AES256-CBC-SHA384`, 192`PSK-AES128-CBC-SHA256`, 193`PSK-AES128-CBC-SHA`, 194`PSK-AES256-CBC-SHA`, 195`DHE-PSK-AES128-CCM`, 196`DHE-PSK-AES256-CCM`, 197`PSK-AES128-CCM`, 198`PSK-AES256-CCM`, 199`PSK-AES128-CCM-8`, 200`PSK-AES256-CCM-8`, 201`DHE-PSK-NULL-SHA384`, 202`DHE-PSK-NULL-SHA256`, 203`PSK-NULL-SHA384`, 204`PSK-NULL-SHA256`, 205`PSK-NULL-SHA`, 206`HC128-MD5`, 207`HC128-SHA`, 208`HC128-B2B256`, 209`AES128-B2B256`, 210`AES256-B2B256`, 211`RABBIT-SHA`, 212`NTRU-RC4-SHA`, 213`NTRU-DES-CBC3-SHA`, 214`NTRU-AES128-SHA`, 215`NTRU-AES256-SHA`, 216`AES128-CCM-8`, 217`AES256-CCM-8`, 218`ECDHE-ECDSA-AES128-CCM`, 219`ECDHE-ECDSA-AES128-CCM-8`, 220`ECDHE-ECDSA-AES256-CCM-8`, 221`ECDHE-RSA-AES128-SHA`, 222`ECDHE-RSA-AES256-SHA`, 223`ECDHE-ECDSA-AES128-SHA`, 224`ECDHE-ECDSA-AES256-SHA`, 225`ECDHE-RSA-RC4-SHA`, 226`ECDHE-RSA-DES-CBC3-SHA`, 227`ECDHE-ECDSA-RC4-SHA`, 228`ECDHE-ECDSA-DES-CBC3-SHA`, 229`AES128-SHA256`, 230`AES256-SHA256`, 231`DHE-RSA-AES128-SHA256`, 232`DHE-RSA-AES256-SHA256`, 233`ECDH-RSA-AES128-SHA`, 234`ECDH-RSA-AES256-SHA`, 235`ECDH-ECDSA-AES128-SHA`, 236`ECDH-ECDSA-AES256-SHA`, 237`ECDH-RSA-RC4-SHA`, 238`ECDH-RSA-DES-CBC3-SHA`, 239`ECDH-ECDSA-RC4-SHA`, 240`ECDH-ECDSA-DES-CBC3-SHA`, 241`AES128-GCM-SHA256`, 242`AES256-GCM-SHA384`, 243`DHE-RSA-AES128-GCM-SHA256`, 244`DHE-RSA-AES256-GCM-SHA384`, 245`ECDHE-RSA-AES128-GCM-SHA256`, 246`ECDHE-RSA-AES256-GCM-SHA384`, 247`ECDHE-ECDSA-AES128-GCM-SHA256`, 248`ECDHE-ECDSA-AES256-GCM-SHA384`, 249`ECDH-RSA-AES128-GCM-SHA256`, 250`ECDH-RSA-AES256-GCM-SHA384`, 251`ECDH-ECDSA-AES128-GCM-SHA256`, 252`ECDH-ECDSA-AES256-GCM-SHA384`, 253`CAMELLIA128-SHA`, 254`DHE-RSA-CAMELLIA128-SHA`, 255`CAMELLIA256-SHA`, 256`DHE-RSA-CAMELLIA256-SHA`, 257`CAMELLIA128-SHA256`, 258`DHE-RSA-CAMELLIA128-SHA256`, 259`CAMELLIA256-SHA256`, 260`DHE-RSA-CAMELLIA256-SHA256`, 261`ECDHE-RSA-AES128-SHA256`, 262`ECDHE-ECDSA-AES128-SHA256`, 263`ECDH-RSA-AES128-SHA256`, 264`ECDH-ECDSA-AES128-SHA256`, 265`ECDHE-RSA-AES256-SHA384`, 266`ECDHE-ECDSA-AES256-SHA384`, 267`ECDH-RSA-AES256-SHA384`, 268`ECDH-ECDSA-AES256-SHA384`, 269`ECDHE-RSA-CHACHA20-POLY1305`, 270`ECDHE-ECDSA-CHACHA20-POLY1305`, 271`DHE-RSA-CHACHA20-POLY1305`, 272`ECDHE-RSA-CHACHA20-POLY1305-OLD`, 273`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`, 274`DHE-RSA-CHACHA20-POLY1305-OLD`, 275`ADH-AES128-SHA`, 276`QSH`, 277`RENEGOTIATION-INFO`, 278`IDEA-CBC-SHA`, 279`ECDHE-ECDSA-NULL-SHA`, 280`ECDHE-PSK-NULL-SHA256`, 281`ECDHE-PSK-AES128-CBC-SHA256`, 282`PSK-CHACHA20-POLY1305`, 283`ECDHE-PSK-CHACHA20-POLY1305`, 284`DHE-PSK-CHACHA20-POLY1305`, 285`EDH-RSA-DES-CBC3-SHA`, 286 287## Schannel 288 289Schannel allows the enabling and disabling of encryption algorithms, but not 290specific cipher suites, prior to TLS 1.3. The algorithms are 291[defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by 292Microsoft. 293 294The algorithms below are for TLS 1.2 and earlier. TLS 1.3 is covered in the 295next section. 296 297There is also the case that the selected algorithm is not supported by the 298protocol or does not match the ciphers offered by the server during the SSL 299negotiation. In this case curl returns error 300`CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH` 301and the request fails. 302 303`CALG_MD2`, 304`CALG_MD4`, 305`CALG_MD5`, 306`CALG_SHA`, 307`CALG_SHA1`, 308`CALG_MAC`, 309`CALG_RSA_SIGN`, 310`CALG_DSS_SIGN`, 311`CALG_NO_SIGN`, 312`CALG_RSA_KEYX`, 313`CALG_DES`, 314`CALG_3DES_112`, 315`CALG_3DES`, 316`CALG_DESX`, 317`CALG_RC2`, 318`CALG_RC4`, 319`CALG_SEAL`, 320`CALG_DH_SF`, 321`CALG_DH_EPHEM`, 322`CALG_AGREEDKEY_ANY`, 323`CALG_HUGHES_MD5`, 324`CALG_SKIPJACK`, 325`CALG_TEK`, 326`CALG_CYLINK_MEK`, 327`CALG_SSL3_SHAMD5`, 328`CALG_SSL3_MASTER`, 329`CALG_SCHANNEL_MASTER_HASH`, 330`CALG_SCHANNEL_MAC_KEY`, 331`CALG_SCHANNEL_ENC_KEY`, 332`CALG_PCT1_MASTER`, 333`CALG_SSL2_MASTER`, 334`CALG_TLS1_MASTER`, 335`CALG_RC5`, 336`CALG_HMAC`, 337`CALG_TLS1PRF`, 338`CALG_HASH_REPLACE_OWF`, 339`CALG_AES_128`, 340`CALG_AES_192`, 341`CALG_AES_256`, 342`CALG_AES`, 343`CALG_SHA_256`, 344`CALG_SHA_384`, 345`CALG_SHA_512`, 346`CALG_ECDH`, 347`CALG_ECMQV`, 348`CALG_ECDSA`, 349`CALG_ECDH_EPHEM`, 350 351As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name 352to [constrain the set of available ciphers as specified in the Schannel 353documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022). 354Note that the supported ciphers in this case follow the OS version, so if you 355are running an outdated OS you might still be supporting weak ciphers. 356 357### TLS 1.3 cipher suites 358 359You can set TLS 1.3 ciphers for Schannel by using `CURLOPT_TLS13_CIPHERS` or 360`--tls13-ciphers` with the names below. 361 362If TLS 1.3 cipher suites are set then libcurl adds or restricts Schannel TLS 3631.3 algorithms automatically. Essentially, libcurl is emulating support for 364individual TLS 1.3 cipher suites since Schannel does not support it directly. 365 366`TLS_AES_256_GCM_SHA384` 367`TLS_AES_128_GCM_SHA256` 368`TLS_CHACHA20_POLY1305_SHA256` 369`TLS_AES_128_CCM_8_SHA256` 370`TLS_AES_128_CCM_SHA256` 371 372Note if you set TLS 1.3 ciphers without also setting the minimum TLS version 373to 1.3 then it is possible Schannel may negotiate an earlier TLS version and 374cipher suite if your libcurl and OS settings allow it. You can set the minimum 375TLS version by using `CURLOPT_SSLVERSION` or `--tlsv1.3`. 376 377## BearSSL 378 379BearSSL ciphers can be specified by either the OpenSSL name (`ECDHE-RSA-AES128-GCM-SHA256`) or the IANA name (`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`). 380 381Since BearSSL 0.1: 382 383`DES-CBC3-SHA` 384`AES128-SHA` 385`AES256-SHA` 386`AES128-SHA256` 387`AES256-SHA256` 388`AES128-GCM-SHA256` 389`AES256-GCM-SHA384` 390`ECDH-ECDSA-DES-CBC3-SHA` 391`ECDH-ECDSA-AES128-SHA` 392`ECDH-ECDSA-AES256-SHA` 393`ECDHE-ECDSA-DES-CBC3-SHA` 394`ECDHE-ECDSA-AES128-SHA` 395`ECDHE-ECDSA-AES256-SHA` 396`ECDH-RSA-DES-CBC3-SHA` 397`ECDH-RSA-AES128-SHA` 398`ECDH-RSA-AES256-SHA` 399`ECDHE-RSA-DES-CBC3-SHA` 400`ECDHE-RSA-AES128-SHA` 401`ECDHE-RSA-AES256-SHA` 402`ECDHE-ECDSA-AES128-SHA256` 403`ECDHE-ECDSA-AES256-SHA384` 404`ECDH-ECDSA-AES128-SHA256` 405`ECDH-ECDSA-AES256-SHA384` 406`ECDHE-RSA-AES128-SHA256` 407`ECDHE-RSA-AES256-SHA384` 408`ECDH-RSA-AES128-SHA256` 409`ECDH-RSA-AES256-SHA384` 410`ECDHE-ECDSA-AES128-GCM-SHA256` 411`ECDHE-ECDSA-AES256-GCM-SHA384` 412`ECDH-ECDSA-AES128-GCM-SHA256` 413`ECDH-ECDSA-AES256-GCM-SHA384` 414`ECDHE-RSA-AES128-GCM-SHA256` 415`ECDHE-RSA-AES256-GCM-SHA384` 416`ECDH-RSA-AES128-GCM-SHA256` 417`ECDH-RSA-AES256-GCM-SHA384` 418 419Since BearSSL 0.2: 420 421`ECDHE-RSA-CHACHA20-POLY1305` 422`ECDHE-ECDSA-CHACHA20-POLY1305` 423 424Since BearSSL 0.6: 425 426`AES128-CCM` 427`AES256-CCM` 428`AES128-CCM8` 429`AES256-CCM8` 430`ECDHE-ECDSA-AES128-CCM` 431`ECDHE-ECDSA-AES256-CCM` 432`ECDHE-ECDSA-AES128-CCM8` 433`ECDHE-ECDSA-AES256-CCM8` 434