.\" $NetBSD: openssl-list.1,v 1.1 2025/07/18 16:41:19 christos Exp $ .\" .\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Required to disable full justification in groff 1.23.0. .if n .ds AD l .\" ======================================================================== .\" .IX Title "OPENSSL-LIST 1" .TH OPENSSL-LIST 1 2025-07-18 3.5.1 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME openssl\-list \- list algorithms and features .SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl list\fR [\fB\-help\fR] [\fB\-verbose\fR] [\fB\-select\fR \fIname\fR] [\fB\-1\fR] [\fB\-all\-algorithms\fR] [\fB\-commands\fR] [\fB\-standard\-commands\fR] [\fB\-digest\-algorithms\fR] [\fB\-digest\-commands\fR] [\fB\-kdf\-algorithms\fR] [\fB\-mac\-algorithms\fR] [\fB\-random\-instances\fR] [\fB\-random\-generators\fR] [\fB\-cipher\-algorithms\fR] [\fB\-cipher\-commands\fR] [\fB\-encoders\fR] [\fB\-decoders\fR] [\fB\-key\-managers\fR] [\fB\-skey\-managers\fR] [\fB\-key\-exchange\-algorithms\fR] [\fB\-kem\-algorithms\fR] [\fB\-tls\-groups\fR] [\fB\-all\-tls\-groups\fR] [\fB\-tls1_2\fR] [\fB\-tls1_3\fR] [\fB\-signature\-algorithms\fR] [\fB\-tls\-signature\-algorithms\fR] [\fB\-asymcipher\-algorithms\fR] [\fB\-public\-key\-algorithms\fR] [\fB\-public\-key\-methods\fR] [\fB\-store\-loaders\fR] [\fB\-providers\fR] [\fB\-engines\fR] [\fB\-disabled\fR] [\fB\-objects\fR] [\fB\-options\fR \fIcommand\fR] [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] [\fB\-provparam\fR \fI[name:]key=value\fR] [\fB\-propquery\fR \fIpropq\fR] .SH DESCRIPTION .IX Header "DESCRIPTION" This command is used to generate list of algorithms or disabled features. .SH OPTIONS .IX Header "OPTIONS" .IP \fB\-help\fR 4 .IX Item "-help" Display a usage message. .IP \fB\-verbose\fR 4 .IX Item "-verbose" Displays extra information. The options below where verbosity applies say a bit more about what that means. .IP "\fB\-select\fR \fIname\fR" 4 .IX Item "-select name" Only list algorithms that match this name. .IP \fB\-1\fR 4 .IX Item "-1" List the commands, digest\-commands, or cipher\-commands in a single column. If used, this option must be given first. .IP \fB\-all\-algorithms\fR 4 .IX Item "-all-algorithms" Display lists of all algorithms. These include: .RS 4 .IP "Asymmetric ciphers" 4 .IX Item "Asymmetric ciphers" .PD 0 .IP Decoders 4 .IX Item "Decoders" .IP Digests 4 .IX Item "Digests" .IP Encoders 4 .IX Item "Encoders" .IP "Key derivation algorithms (KDF)" 4 .IX Item "Key derivation algorithms (KDF)" .IP "Key encapsulation methods (KEM)" 4 .IX Item "Key encapsulation methods (KEM)" .IP "Key exchange algorithms (KEX)" 4 .IX Item "Key exchange algorithms (KEX)" .IP "Key managers" 4 .IX Item "Key managers" .IP "Symmetric key managers" 4 .IX Item "Symmetric key managers" .IP "Message authentication code algorithms (MAC)" 4 .IX Item "Message authentication code algorithms (MAC)" .IP "Random number generators (RNG, DRBG)" 4 .IX Item "Random number generators (RNG, DRBG)" .IP "Signature algorithms" 4 .IX Item "Signature algorithms" .IP "Store loaders" 4 .IX Item "Store loaders" .IP "Symmetric ciphers" 4 .IX Item "Symmetric ciphers" .PD .RE .RS 4 .RE .IP \fB\-commands\fR 4 .IX Item "-commands" Display a list of standard commands. .IP \fB\-standard\-commands\fR 4 .IX Item "-standard-commands" List of standard commands. .IP \fB\-digest\-commands\fR 4 .IX Item "-digest-commands" This option is deprecated. Use \fBdigest\-algorithms\fR instead. .Sp Display a list of message digest commands, which are typically used as input to the \fBopenssl\-dgst\fR\|(1) or \fBopenssl\-speed\fR\|(1) commands. .IP \fB\-cipher\-commands\fR 4 .IX Item "-cipher-commands" This option is deprecated. Use \fBcipher\-algorithms\fR instead. .Sp Display a list of cipher commands, which are typically used as input to the \fBopenssl\-enc\fR\|(1) or \fBopenssl\-speed\fR\|(1) commands. .IP "\fB\-cipher\-algorithms\fR, \fB\-digest\-algorithms\fR, \fB\-kdf\-algorithms\fR, \fB\-mac\-algorithms\fR," 4 .IX Item "-cipher-algorithms, -digest-algorithms, -kdf-algorithms, -mac-algorithms," Display a list of symmetric cipher, digest, kdf and mac algorithms. See "Display of algorithm names" for a description of how names are displayed. .Sp In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. .IP \fB\-random\-instances\fR 4 .IX Item "-random-instances" List the primary, public and private random number generator details. .IP \fB\-random\-generators\fR 4 .IX Item "-random-generators" Display a list of random number generators. See "Display of algorithm names" for a description of how names are displayed. .IP \fB\-encoders\fR 4 .IX Item "-encoders" Display a list of encoders. See "Display of algorithm names" for a description of how names are displayed. .Sp In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. .IP \fB\-decoders\fR 4 .IX Item "-decoders" Display a list of decoders. See "Display of algorithm names" for a description of how names are displayed. .Sp In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. .IP \fB\-public\-key\-algorithms\fR 4 .IX Item "-public-key-algorithms" Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented. The options \fBkey\-exchange\-algorithms\fR, \fBkem\-algorithms\fR, \&\fBsignature\-algorithms\fR, and \fBasymcipher\-algorithms\fR will display similar info. .IP \fB\-public\-key\-methods\fR 4 .IX Item "-public-key-methods" Display a list of public key methods. .IP \fB\-key\-managers\fR 4 .IX Item "-key-managers" Display a list of key managers. .IP \fB\-skey\-managers\fR 4 .IX Item "-skey-managers" Display a list of symmetric key managers. .IP \fB\-key\-exchange\-algorithms\fR 4 .IX Item "-key-exchange-algorithms" Display a list of key exchange algorithms. .IP \fB\-kem\-algorithms\fR 4 .IX Item "-kem-algorithms" Display a list of key encapsulation algorithms. .IP \fB\-tls\-groups\fR 4 .IX Item "-tls-groups" Display a list of the IANA names of all available (implemented) TLS groups. By default the listed groups are those compatible with TLS 1.3. .IP \fB\-all\-tls\-groups\fR 4 .IX Item "-all-tls-groups" Display a list of the names of all available (implemented) TLS groups, including any aliases. Some groups are known under multiple names, for example, \fBsecp256r1\fR is also known as \fBP\-256\fR. By default the listed groups are those compatible with TLS 1.3. .IP \fB\-tls1_2\fR 4 .IX Item "-tls1_2" When listing TLS groups, list those compatible with TLS 1.2 .IP \fB\-tls1_3\fR 4 .IX Item "-tls1_3" When listing TLS groups, output those compatible with TLS 1.3. TLS 1.3 is the current default protocol version, but the default version is subject to change, so best to specify the version explicitly. .IP \fB\-signature\-algorithms\fR 4 .IX Item "-signature-algorithms" Display a list of signature algorithms. .IP \fB\-tls\-signature\-algorithms\fR 4 .IX Item "-tls-signature-algorithms" Display the list of signature algorithms available for TLS handshakes made available by all currently active providers. The output format is colon delimited in a form directly usable in \&\fBSSL_CONF_cmd\fR\|(3) specifying SignatureAlgorithms. .IP \fB\-asymcipher\-algorithms\fR 4 .IX Item "-asymcipher-algorithms" Display a list of asymmetric cipher algorithms. .IP \fB\-store\-loaders\fR 4 .IX Item "-store-loaders" Display a list of store loaders. .IP \fB\-providers\fR 4 .IX Item "-providers" Display a list of all loaded providers with their names, version and status. .Sp In verbose mode, the full version and all provider parameters will additionally be displayed. .IP \fB\-engines\fR 4 .IX Item "-engines" This option is deprecated. .Sp Display a list of loaded engines. .IP \fB\-disabled\fR 4 .IX Item "-disabled" Display a list of disabled features, those that were compiled out of the installation. .IP \fB\-objects\fR 4 .IX Item "-objects" Display a list of built in objects, i.e. OIDs with names. They\*(Aqre listed in the format described in "ASN1 Object Configuration Module" in \fBconfig\fR\|(5). .IP "\fB\-options\fR \fIcommand\fR" 4 .IX Item "-options command" Output a two\-column list of the options accepted by the specified \fIcommand\fR. The first is the option name, and the second is a one\-character indication of what type of parameter it takes, if any. This is an internal option, used for checking that the documentation is complete. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 .IP "\fB\-provider\-path\fR \fIpath\fR" 4 .IX Item "-provider-path path" .IP "\fB\-provparam\fR \fI[name:]key=value\fR" 4 .IX Item "-provparam [name:]key=value" .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). .SS "Display of algorithm names" .IX Subsection "Display of algorithm names" Algorithm names may be displayed in one of two manners: .IP "Legacy implementations" 4 .IX Item "Legacy implementations" Legacy implementations will simply display the main name of the algorithm on a line of its own, or in the form \f(CW\*(C`> to show that \f(CW\*(C`foo\*(C'\fR is an alias for the main name, \f(CW\*(C`bar\*(C'\fR .IP "Provided implementations" 4 .IX Item "Provided implementations" Implementations from a provider are displayed like this if the implementation is labeled with a single name: .Sp .Vb 1 \& foo @ bar .Ve .Sp or like this if it\*(Aqs labeled with multiple names: .Sp .Vb 1 \& { foo1, foo2 } @bar .Ve .Sp In both cases, \f(CW\*(C`bar\*(C'\fR is the name of the provider. .SH HISTORY .IX Header "HISTORY" The \fB\-engines\fR, \fB\-digest\-commands\fR, and \fB\-cipher\-commands\fR options were deprecated in OpenSSL 3.0. .PP The \fB\-skey\-managers\fR option was added in OpenSSL 3.5. .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2016\-2025 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at .