reference/openssl/functions/openssl-get-cipher-methods.xml
ec4849a7581aaefbb105ca7b13d78eb8ab0217e2
ec4849a7581aaefbb105ca7b13d78eb8ab0217e2
...
...
@@ -11,7 +11,7 @@
11
11
&reftitle.description;
12
12
<methodsynopsis>
13
13
<type>array</type><methodname>openssl_get_cipher_methods</methodname>
14
-
<methodparam choice="opt"><type>bool</type><parameter>aliases</parameter><initializer>false</initializer></methodparam>
14
+
<methodparam choice="opt"><type>bool</type><parameter>aliases</parameter><initializer>&false;</initializer></methodparam>
15
15
</methodsynopsis>
16
16
<para>
17
17
Gets a list of available cipher methods.
...
...
@@ -40,6 +40,9 @@
40
40
&reftitle.returnvalues;
41
41
<para>
42
42
An <type>array</type> of available cipher methods.
43
+
Note that prior to OpenSSL 1.1.1, the cipher methods have been returned in
44
+
upper case and lower case spelling; as of OpenSSL 1.1.1 only the lower case
45
+
variants are returned.
43
46
</para>
44
47
</refsect1>
45
48
...
...
@@ -59,10 +62,19 @@ $ciphers = openssl_get_cipher_methods();
59
62
$ciphers_and_aliases = openssl_get_cipher_methods(true);
60
63
$cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);
61
64
62
-
print_r($ciphers);
65
+
//ECB mode should be avoided
66
+
$ciphers = array_filter( $ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );
63
67
64
-
print_r($cipher_aliases);
68
+
//At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
69
+
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"des")===FALSE; } );
70
+
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
71
+
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
72
+
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
73
+
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"des")===FALSE; } );
74
+
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"rc2")===FALSE; } );
65
75
76
+
print_r($ciphers);
77
+
print_r($cipher_aliases);
66
78
?>
67
79
]]>
68
80
</programlisting>
...
...
@@ -71,138 +83,133 @@ print_r($cipher_aliases);
71
83
<![CDATA[
72
84
Array
73
85
(
74
-
[0] => AES-128-CBC
75
-
[1] => AES-128-CFB
76
-
[2] => AES-128-CFB1
77
-
[3] => AES-128-CFB8
78
-
[4] => AES-128-ECB
79
-
[5] => AES-128-OFB
80
-
[6] => AES-192-CBC
81
-
[7] => AES-192-CFB
82
-
[8] => AES-192-CFB1
83
-
[9] => AES-192-CFB8
84
-
[10] => AES-192-ECB
85
-
[11] => AES-192-OFB
86
-
[12] => AES-256-CBC
87
-
[13] => AES-256-CFB
88
-
[14] => AES-256-CFB1
89
-
[15] => AES-256-CFB8
90
-
[16] => AES-256-ECB
91
-
[17] => AES-256-OFB
92
-
[18] => BF-CBC
93
-
[19] => BF-CFB
94
-
[20] => BF-ECB
95
-
[21] => BF-OFB
96
-
[22] => CAST5-CBC
97
-
[23] => CAST5-CFB
98
-
[24] => CAST5-ECB
99
-
[25] => CAST5-OFB
100
-
[26] => DES-CBC
101
-
[27] => DES-CFB
102
-
[28] => DES-CFB1
103
-
[29] => DES-CFB8
104
-
[30] => DES-ECB
105
-
[31] => DES-EDE
106
-
[32] => DES-EDE-CBC
107
-
[33] => DES-EDE-CFB
108
-
[34] => DES-EDE-OFB
109
-
[35] => DES-EDE3
110
-
[36] => DES-EDE3-CBC
111
-
[37] => DES-EDE3-CFB
112
-
[38] => DES-EDE3-OFB
113
-
[39] => DES-OFB
114
-
[40] => DESX-CBC
115
-
[41] => IDEA-CBC
116
-
[42] => IDEA-CFB
117
-
[43] => IDEA-ECB
118
-
[44] => IDEA-OFB
119
-
[45] => RC2-40-CBC
120
-
[46] => RC2-64-CBC
121
-
[47] => RC2-CBC
122
-
[48] => RC2-CFB
123
-
[49] => RC2-ECB
124
-
[50] => RC2-OFB
125
-
[51] => RC4
126
-
[52] => RC4-40
127
-
[53] => aes-128-cbc
128
-
[54] => aes-128-cfb
129
-
[55] => aes-128-cfb1
130
-
[56] => aes-128-cfb8
131
-
[57] => aes-128-ecb
132
-
[58] => aes-128-ofb
133
-
[59] => aes-192-cbc
134
-
[60] => aes-192-cfb
135
-
[61] => aes-192-cfb1
136
-
[62] => aes-192-cfb8
137
-
[63] => aes-192-ecb
138
-
[64] => aes-192-ofb
139
-
[65] => aes-256-cbc
140
-
[66] => aes-256-cfb
141
-
[67] => aes-256-cfb1
142
-
[68] => aes-256-cfb8
143
-
[69] => aes-256-ecb
144
-
[70] => aes-256-ofb
145
-
[71] => bf-cbc
146
-
[72] => bf-cfb
147
-
[73] => bf-ecb
148
-
[74] => bf-ofb
149
-
[75] => cast5-cbc
150
-
[76] => cast5-cfb
151
-
[77] => cast5-ecb
152
-
[78] => cast5-ofb
153
-
[79] => des-cbc
154
-
[80] => des-cfb
155
-
[81] => des-cfb1
156
-
[82] => des-cfb8
157
-
[83] => des-ecb
158
-
[84] => des-ede
159
-
[85] => des-ede-cbc
160
-
[86] => des-ede-cfb
161
-
[87] => des-ede-ofb
162
-
[88] => des-ede3
163
-
[89] => des-ede3-cbc
164
-
[90] => des-ede3-cfb
165
-
[91] => des-ede3-ofb
166
-
[92] => des-ofb
167
-
[93] => desx-cbc
168
-
[94] => idea-cbc
169
-
[95] => idea-cfb
170
-
[96] => idea-ecb
171
-
[97] => idea-ofb
172
-
[98] => rc2-40-cbc
173
-
[99] => rc2-64-cbc
174
-
[100] => rc2-cbc
175
-
[101] => rc2-cfb
176
-
[102] => rc2-ecb
177
-
[103] => rc2-ofb
178
-
[104] => rc4
179
-
[105] => rc4-40
86
+
[0] => aes-128-cbc
87
+
[1] => aes-128-cbc-hmac-sha1
88
+
[2] => aes-128-cbc-hmac-sha256
89
+
[3] => aes-128-ccm
90
+
[4] => aes-128-cfb
91
+
[5] => aes-128-cfb1
92
+
[6] => aes-128-cfb8
93
+
[7] => aes-128-ctr
94
+
[9] => aes-128-gcm
95
+
[10] => aes-128-ocb
96
+
[11] => aes-128-ofb
97
+
[12] => aes-128-xts
98
+
[13] => aes-192-cbc
99
+
[14] => aes-192-ccm
100
+
[15] => aes-192-cfb
101
+
[16] => aes-192-cfb1
102
+
[17] => aes-192-cfb8
103
+
[18] => aes-192-ctr
104
+
[20] => aes-192-gcm
105
+
[21] => aes-192-ocb
106
+
[22] => aes-192-ofb
107
+
[23] => aes-256-cbc
108
+
[24] => aes-256-cbc-hmac-sha1
109
+
[25] => aes-256-cbc-hmac-sha256
110
+
[26] => aes-256-ccm
111
+
[27] => aes-256-cfb
112
+
[28] => aes-256-cfb1
113
+
[29] => aes-256-cfb8
114
+
[30] => aes-256-ctr
115
+
[32] => aes-256-gcm
116
+
[33] => aes-256-ocb
117
+
[34] => aes-256-ofb
118
+
[35] => aes-256-xts
119
+
[36] => aria-128-cbc
120
+
[37] => aria-128-ccm
121
+
[38] => aria-128-cfb
122
+
[39] => aria-128-cfb1
123
+
[40] => aria-128-cfb8
124
+
[41] => aria-128-ctr
125
+
[43] => aria-128-gcm
126
+
[44] => aria-128-ofb
127
+
[45] => aria-192-cbc
128
+
[46] => aria-192-ccm
129
+
[47] => aria-192-cfb
130
+
[48] => aria-192-cfb1
131
+
[49] => aria-192-cfb8
132
+
[50] => aria-192-ctr
133
+
[52] => aria-192-gcm
134
+
[53] => aria-192-ofb
135
+
[54] => aria-256-cbc
136
+
[55] => aria-256-ccm
137
+
[56] => aria-256-cfb
138
+
[57] => aria-256-cfb1
139
+
[58] => aria-256-cfb8
140
+
[59] => aria-256-ctr
141
+
[61] => aria-256-gcm
142
+
[62] => aria-256-ofb
143
+
[63] => bf-cbc
144
+
[64] => bf-cfb
145
+
[66] => bf-ofb
146
+
[67] => camellia-128-cbc
147
+
[68] => camellia-128-cfb
148
+
[69] => camellia-128-cfb1
149
+
[70] => camellia-128-cfb8
150
+
[71] => camellia-128-ctr
151
+
[73] => camellia-128-ofb
152
+
[74] => camellia-192-cbc
153
+
[75] => camellia-192-cfb
154
+
[76] => camellia-192-cfb1
155
+
[77] => camellia-192-cfb8
156
+
[78] => camellia-192-ctr
157
+
[80] => camellia-192-ofb
158
+
[81] => camellia-256-cbc
159
+
[82] => camellia-256-cfb
160
+
[83] => camellia-256-cfb1
161
+
[84] => camellia-256-cfb8
162
+
[85] => camellia-256-ctr
163
+
[87] => camellia-256-ofb
164
+
[88] => cast5-cbc
165
+
[89] => cast5-cfb
166
+
[91] => cast5-ofb
167
+
[92] => chacha20
168
+
[93] => chacha20-poly1305
169
+
[111] => id-aes128-CCM
170
+
[112] => id-aes128-GCM
171
+
[113] => id-aes128-wrap
172
+
[114] => id-aes128-wrap-pad
173
+
[115] => id-aes192-CCM
174
+
[116] => id-aes192-GCM
175
+
[117] => id-aes192-wrap
176
+
[118] => id-aes192-wrap-pad
177
+
[119] => id-aes256-CCM
178
+
[120] => id-aes256-GCM
179
+
[121] => id-aes256-wrap
180
+
[122] => id-aes256-wrap-pad
181
+
[124] => idea-cbc
182
+
[125] => idea-cfb
183
+
[127] => idea-ofb
184
+
[137] => seed-cbc
185
+
[138] => seed-cfb
186
+
[140] => seed-ofb
187
+
[141] => sm4-cbc
188
+
[142] => sm4-cfb
189
+
[143] => sm4-ctr
190
+
[145] => sm4-ofb
180
191
)
181
192
Array
182
193
(
183
-
[18] => AES128
184
-
[19] => AES192
185
-
[20] => AES256
186
-
[21] => BF
187
-
[26] => CAST
188
-
[27] => CAST-cbc
189
-
[32] => DES
190
-
[47] => DES3
191
-
[48] => DESX
192
-
[50] => IDEA
193
-
[55] => RC2
194
-
[82] => aes128
195
-
[83] => aes192
196
-
[84] => aes256
197
-
[85] => bf
198
-
[90] => blowfish
199
-
[91] => cast
200
-
[92] => cast-cbc
201
-
[97] => des
202
-
[112] => des3
203
-
[113] => desx
204
-
[115] => idea
205
-
[120] => rc2
194
+
[36] => aes128
195
+
[37] => aes128-wrap
196
+
[38] => aes192
197
+
[39] => aes192-wrap
198
+
[40] => aes256
199
+
[41] => aes256-wrap
200
+
[69] => aria128
201
+
[70] => aria192
202
+
[71] => aria256
203
+
[72] => bf
204
+
[77] => blowfish
205
+
[99] => camellia128
206
+
[100] => camellia192
207
+
[101] => camellia256
208
+
[102] => cast
209
+
[103] => cast-cbc
210
+
[146] => idea
211
+
[164] => seed
212
+
[169] => sm4
206
213
)
207
214
208
215
]]>
209
216