openssl – cipher regex check

If you’re setting a regex to block or enable certain ciphers, here’s a quick way to verify what it expands to:

$ openssl ciphers -V 'RC4-SHA:HIGH:!ADH'
RC4-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5

$ openssl ciphers -V 'ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW!EXP:RC4+RSA:+HIGH'
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5

Leave a Reply