openssl-list - list algorithms and features
openssl list [-help] [-verbose] [-select name] [-1] [-all-algorithms] [-commands] [-standard-commands] [-digest-algorithms] [-digest-commands] [-kdf-algorithms] [-mac-algorithms] [-random-instances] [-random-generators] [-cipher-algorithms] [-cipher-commands] [-encoders] [-decoders] [-key-managers] [-skey-managers] [-key-exchange-algorithms] [-kem-algorithms] [-tls-groups] [-all-tls-groups] [-tls1_2] [-tls1_3] [-signature-algorithms] [-tls-signature-algorithms] [-asymcipher-algorithms] [-public-key-algorithms] [-public-key-methods] [-store-loaders] [-providers] [-engines] [-disabled] [-objects] [-options command] [-provider name] [-provider-path path] [-provparam [name:]key=value] [-propquery propq]
This command is used to generate list of algorithms or disabled features.
Display a usage message.
Displays extra information. The options below where verbosity applies say a bit more about what that means.
Only list algorithms that match this name.
List the commands, digest-commands, or cipher-commands in a single column. If used, this option must be given first.
Display lists of all algorithms. These include:
Display a list of standard commands.
List of standard commands.
This option is deprecated. Use digest-algorithms instead.
Display a list of message digest commands, which are typically used as input to the openssl-dgst(1) or openssl-speed(1) commands.
This option is deprecated. Use cipher-algorithms instead.
Display a list of cipher commands, which are typically used as input to the openssl-enc(1) or openssl-speed(1) commands.
Display a list of symmetric cipher, digest, kdf and mac algorithms. See "Display of algorithm names" for a description of how names are displayed.
In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports.
List the primary, public and private random number generator details.
Display a list of random number generators. See "Display of algorithm names" for a description of how names are displayed.
Display a list of encoders. See "Display of algorithm names" for a description of how names are displayed.
In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports.
Display a list of decoders. See "Display of algorithm names" for a description of how names are displayed.
In verbose mode, the algorithms provided by a provider will get additional information on what parameters each implementation supports.
Display a list of public key algorithms, with each algorithm as a block of multiple lines, all but the first are indented. The options key-exchange-algorithms, kem-algorithms, signature-algorithms, and asymcipher-algorithms will display similar info.
Display a list of public key methods.
Display a list of key managers.
Display a list of symmetric key managers.
Display a list of key exchange algorithms.
Display a list of key encapsulation algorithms.
Display a list of the IANA names of all available (implemented) TLS groups. By default the listed groups are those compatible with TLS 1.3.
Display a list of the names of all available (implemented) TLS groups, including any aliases. Some groups are known under multiple names, for example, secp256r1 is also known as P-256. By default the listed groups are those compatible with TLS 1.3.
When listing TLS groups, list those compatible with TLS 1.2
When listing TLS groups, output those compatible with TLS 1.3. TLS 1.3 is the current default protocol version, but the default version is subject to change, so best to specify the version explicitly.
Display a list of signature algorithms.
Display the list of signature algorithms available for TLS handshakes made available by all currently active providers. The output format is colon delimited in a form directly usable in SSL_CONF_cmd(3) specifying SignatureAlgorithms.
Display a list of asymmetric cipher algorithms.
Display a list of store loaders.
Display a list of all loaded providers with their names, version and status.
In verbose mode, the full version and all provider parameters will additionally be displayed.
This option is deprecated.
Display a list of loaded engines.
Display a list of disabled features, those that were compiled out of the installation.
Display a list of built in objects, i.e. OIDs with names. They're listed in the format described in "ASN1 Object Configuration Module" in config(5).
Output a two-column list of the options accepted by the specified command. The first is the option name, and the second is a one-character indication of what type of parameter it takes, if any. This is an internal option, used for checking that the documentation is complete.
See "Provider Options" in openssl(1), provider(7), and property(7).
Algorithm names may be displayed in one of two manners:
Legacy implementations will simply display the main name of the algorithm on a line of its own, or in the form <foo  bar>> to show that foo is an alias for the main name, bar
Implementations from a provider are displayed like this if the implementation is labeled with a single name:
foo @ baror like this if it's labeled with multiple names:
{ foo1, foo2 } @barIn both cases, bar is the name of the provider.
The -engines, -digest-commands, and -cipher-commands options were deprecated in OpenSSL 3.0.
The -skey-managers option was added in OpenSSL 3.5.
Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.