| -help | Display a usage message. |
| -verbose | Displays extra information. The options below where verbosity applies say a bit more about what that means. |
| -selectname | Only list algorithms that match this name. |
| -1 | List the commands, digest-commands, or cipher-commands in a single column. If used, this option must be given first. |
| -all-algorithms | Display lists of all algorithms. These include: |
| -commands | Display a list of standard commands. |
| -standard-commands | List of standard commands. |
| -digest-commands | Display a list of message digest commands, which are typically used as input to the openssl-dgst(1) or openssl-speed(1) commands. |
| -cipher-commands | Display a list of cipher commands, which are typically used as input to the openssl-enc(1) or openssl-speed(1) commands. |
| -cipher-algorithms-digest-algorithms-kdf-algorithms-mac-algorithms | In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. |
| -random-instances | List the primary, public and private random number generator details. |
| -random-generators | Display a list of random number generators. See "Display of algorithm names" for a description of how names are displayed. |
| -encoders | In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. |
| -decoders | In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports. |
| -public-key-algorithms | Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented. The options key-exchange-algorithms, kem-algorithms, signature-algorithms, and asymcipher-algorithms will display similar info. |
| -public-key-methods | Display a list of public key methods. |
| -key-managers | Display a list of key managers. |
| -skey-managers | Display a list of symmetric key managers. |
| -key-exchange-algorithms | Display a list of key exchange algorithms. |
| -kem-algorithms | Display a list of key encapsulation algorithms. |
| -tls-groups | Display a list of the IANA names of all available (implemented) TLS groups. By default the listed groups are those compatible with TLS 1.3. |
| -all-tls-groups | Display a list of the names of all available (implemented) TLS groups, including any aliases. Some groups are known under multiple names, for example, secp256r1 is also known as P-256. By default the listed groups are those compatible with TLS 1.3. |
| -tls1_2 | When listing TLS groups, list those compatible with TLS 1.2 |
| -tls1_3 | When listing TLS groups, output those compatible with TLS 1.3. TLS 1.3 is the current default protocol version, but the default version is subject to change, so best to specify the version explicitly. |
| -signature-algorithms | Display a list of signature algorithms. |
| -tls-signature-algorithms | Display the list of signature algorithms available for TLS handshakes made available by all currently active providers. The output format is colon delimited in a form directly usable in SSL_CONF_cmd(3) specifying SignatureAlgorithms. |
| -asymcipher-algorithms | Display a list of asymmetric cipher algorithms. |
| -store-loaders | Display a list of store loaders. |
| -providers | In verbose mode, the full version and all provider parameters will additionally be displayed. |
| -engines | Display a list of loaded engines. |
| -disabled | Display a list of disabled features, those that were compiled out of the installation. |
| -objects | Display a list of built in objects, i.e. OIDs with names. They're listed in the format described in "ASN1 Object Configuration Module" in config(5). |
| -optionscommand | Output a two-column list of the options accepted by the specified command. The first is the option name, and the second is a one-character indication of what type of parameter it takes, if any. This is an internal option, used for checking that the documentation is complete. |
| -propquerypropq | See "Provider Options" in openssl(1), provider(7), and property(7). |
| Legacy implementations | Legacy implementations will simply display the main name of the algorithm on a line of its own, or in the form "<foo " bar>> to show that "foo" is an alias for the main name, "bar" |
| Provided implementations | foo @ bar or like this if it's labeled with multiple names: { foo1, foo2 } @bar In both cases, "bar" is the name of the provider. |
NAME
openssl-list - list algorithms and features
SYNOPSIS
openssl list [-help] [-verbose] [-selectname] [-1] [-all-algorithms] [-commands] [-standard-commands] [-digest-algorithms] [-digest-commands] [-kdf-algorithms] [-mac-algorithms] [-random-instances] [-random-generators] [-cipher-algorithms] [-cipher-commands] [-encoders] [-decoders] [-key-managers] [-skey-managers] [-key-exchange-algorithms] [-kem-algorithms] [-tls-groups] [-all-tls-groups] [-tls1_2] [-tls1_3] [-signature-algorithms] [-tls-signature-algorithms] [-asymcipher-algorithms] [-public-key-algorithms] [-public-key-methods] [-store-loaders] [-providers] [-engines] [-disabled] [-objects] [-optionscommand] [-providername] [-provider-pathpath] [-provparam[name:]key=value] [-propquerypropq]
DESCRIPTION
This command is used to generate list of algorithms or disabled features.
OPTIONS
- -help
Display a usage message.
- -verbose
Displays extra information. The options below where verbosity applies say a bit more about what that means.
- -selectname
Only list algorithms that match this name.
- -1
List the commands, digest-commands, or cipher-commands in a single column. If used, this option must be given first.
- -all-algorithms
Display lists of all algorithms. These include:
- Asymmetric ciphers
- Decoders
- Digests
- Encoders
- Key derivation algorithms (KDF)
- Key encapsulation methods (KEM)
- Key exchange algorithms (KEX)
- Key managers
- Symmetric key managers
- Message authentication code algorithms (MAC)
- Random number generators (RNG, DRBG)
- Signature algorithms
- Store loaders
- Symmetric ciphers
- -commands
Display a list of standard commands.
- -standard-commands
List of standard commands.
- -digest-commands
Display a list of message digest commands, which are typically used as input to the openssl-dgst(1) or openssl-speed(1) commands.
- -cipher-commands
Display a list of cipher commands, which are typically used as input to the openssl-enc(1) or openssl-speed(1) commands.
- -cipher-algorithms, -digest-algorithms, -kdf-algorithms, -mac-algorithms,
In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports.
- -random-instances
List the primary, public and private random number generator details.
- -random-generators
Display a list of random number generators. See "Display of algorithm names" for a description of how names are displayed.
- -encoders
In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports.
- -decoders
In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports.
- -public-key-algorithms
Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented. The options key-exchange-algorithms, kem-algorithms, signature-algorithms, and asymcipher-algorithms will display similar info.
- -public-key-methods
Display a list of public key methods.
- -key-managers
Display a list of key managers.
- -skey-managers
Display a list of symmetric key managers.
- -key-exchange-algorithms
Display a list of key exchange algorithms.
- -kem-algorithms
Display a list of key encapsulation algorithms.
- -tls-groups
Display a list of the IANA names of all available (implemented) TLS groups. By default the listed groups are those compatible with TLS 1.3.
- -all-tls-groups
Display a list of the names of all available (implemented) TLS groups, including any aliases. Some groups are known under multiple names, for example, secp256r1 is also known as P-256. By default the listed groups are those compatible with TLS 1.3.
- -tls1_2
When listing TLS groups, list those compatible with TLS 1.2
- -tls1_3
When listing TLS groups, output those compatible with TLS 1.3. TLS 1.3 is the current default protocol version, but the default version is subject to change, so best to specify the version explicitly.
- -signature-algorithms
Display a list of signature algorithms.
- -tls-signature-algorithms
Display the list of signature algorithms available for TLS handshakes made available by all currently active providers. The output format is colon delimited in a form directly usable in SSL_CONF_cmd(3) specifying SignatureAlgorithms.
- -asymcipher-algorithms
Display a list of asymmetric cipher algorithms.
- -store-loaders
Display a list of store loaders.
- -providers
In verbose mode, the full version and all provider parameters will additionally be displayed.
- -engines
Display a list of loaded engines.
- -disabled
Display a list of disabled features, those that were compiled out of the installation.
- -objects
Display a list of built in objects, i.e. OIDs with names. They're listed in the format described in "ASN1 Object Configuration Module" in config(5).
- -optionscommand
Output a two-column list of the options accepted by the specified command. The first is the option name, and the second is a one-character indication of what type of parameter it takes, if any. This is an internal option, used for checking that the documentation is complete.
- -providername
- -provider-pathpath
- -provparam[name:]key=value
- -propquerypropq
See "Provider Options" in openssl(1), provider(7), and property(7).
Display of algorithm names
Algorithm names may be displayed in one of two manners:
- Legacy implementations
Legacy implementations will simply display the main name of the algorithm on a line of its own, or in the form "<foo " bar>> to show that "foo" is an alias for the main name, "bar"
- Provided implementations
- bash
foo @ baror like this if it's labeled with multiple names:
bash{ foo1, foo2 } @barIn both cases, "bar" is the name of the provider.
HISTORY
The -engines, -digest-commands, and -cipher-commands options were deprecated in OpenSSL 3.0.
The -skey-managers option was added in OpenSSL 3.5.
COPYRIGHT
Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.