Submit a Pull Request Report a Bug

    openssl_get_cipher_methods

    (PHP 5 >= 5.3.0, PHP 7, PHP 8)

    openssl_get_cipher_methodsGets available cipher methods

    Description

    openssl_get_cipher_methods(bool $aliases = false): array

    Gets a list of available cipher methods.

    Parameters

    aliases

    Set to true if cipher aliases should be included within the returned array.

    Return Values

    An array of available cipher methods. Note that prior to OpenSSL 1.1.1, the cipher methods have been returned in upper case and lower case spelling; as of OpenSSL 1.1.1 only the lower case variants are returned.

    Examples

    Example #1 openssl_get_cipher_methods() example

    Shows how the available ciphers might look, and also which aliases might be available.

    <?php
    $ciphers                 openssl_get_cipher_methods();
    $ciphers_and_aliases openssl_get_cipher_methods(true);
    $cipher_aliases      array_diff($ciphers_and_aliases$ciphers);

    //ECB mode should be avoided
    $ciphers array_filter$ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );

    //At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
    $ciphers array_filter$ciphers, function($c) { return stripos($c,"des")===FALSE; } );
    $ciphers array_filter$ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
    $ciphers array_filter$ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
    $ciphers array_filter$ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
    $cipher_aliases array_filter($cipher_aliases,function($c) { return stripos($c,"des")===FALSE; } );
    $cipher_aliases array_filter($cipher_aliases,function($c) { return stripos($c,"rc2")===FALSE; } );

    print_r($ciphers);
    print_r($cipher_aliases);
    ?>

    The above example will output something similar to:

    Array
(
    [0] => aes-128-cbc
    [1] => aes-128-cbc-hmac-sha1
    [2] => aes-128-cbc-hmac-sha256
    [3] => aes-128-ccm
    [4] => aes-128-cfb
    [5] => aes-128-cfb1
    [6] => aes-128-cfb8
    [7] => aes-128-ctr
    [9] => aes-128-gcm
    [10] => aes-128-ocb
    [11] => aes-128-ofb
    [12] => aes-128-xts
    [13] => aes-192-cbc
    [14] => aes-192-ccm
    [15] => aes-192-cfb
    [16] => aes-192-cfb1
    [17] => aes-192-cfb8
    [18] => aes-192-ctr
    [20] => aes-192-gcm
    [21] => aes-192-ocb
    [22] => aes-192-ofb
    [23] => aes-256-cbc
    [24] => aes-256-cbc-hmac-sha1
    [25] => aes-256-cbc-hmac-sha256
    [26] => aes-256-ccm
    [27] => aes-256-cfb
    [28] => aes-256-cfb1
    [29] => aes-256-cfb8
    [30] => aes-256-ctr
    [32] => aes-256-gcm
    [33] => aes-256-ocb
    [34] => aes-256-ofb
    [35] => aes-256-xts
    [36] => aria-128-cbc
    [37] => aria-128-ccm
    [38] => aria-128-cfb
    [39] => aria-128-cfb1
    [40] => aria-128-cfb8
    [41] => aria-128-ctr
    [43] => aria-128-gcm
    [44] => aria-128-ofb
    [45] => aria-192-cbc
    [46] => aria-192-ccm
    [47] => aria-192-cfb
    [48] => aria-192-cfb1
    [49] => aria-192-cfb8
    [50] => aria-192-ctr
    [52] => aria-192-gcm
    [53] => aria-192-ofb
    [54] => aria-256-cbc
    [55] => aria-256-ccm
    [56] => aria-256-cfb
    [57] => aria-256-cfb1
    [58] => aria-256-cfb8
    [59] => aria-256-ctr
    [61] => aria-256-gcm
    [62] => aria-256-ofb
    [63] => bf-cbc
    [64] => bf-cfb
    [66] => bf-ofb
    [67] => camellia-128-cbc
    [68] => camellia-128-cfb
    [69] => camellia-128-cfb1
    [70] => camellia-128-cfb8
    [71] => camellia-128-ctr
    [73] => camellia-128-ofb
    [74] => camellia-192-cbc
    [75] => camellia-192-cfb
    [76] => camellia-192-cfb1
    [77] => camellia-192-cfb8
    [78] => camellia-192-ctr
    [80] => camellia-192-ofb
    [81] => camellia-256-cbc
    [82] => camellia-256-cfb
    [83] => camellia-256-cfb1
    [84] => camellia-256-cfb8
    [85] => camellia-256-ctr
    [87] => camellia-256-ofb
    [88] => cast5-cbc
    [89] => cast5-cfb
    [91] => cast5-ofb
    [92] => chacha20
    [93] => chacha20-poly1305
    [111] => id-aes128-CCM
    [112] => id-aes128-GCM
    [113] => id-aes128-wrap
    [114] => id-aes128-wrap-pad
    [115] => id-aes192-CCM
    [116] => id-aes192-GCM
    [117] => id-aes192-wrap
    [118] => id-aes192-wrap-pad
    [119] => id-aes256-CCM
    [120] => id-aes256-GCM
    [121] => id-aes256-wrap
    [122] => id-aes256-wrap-pad
    [124] => idea-cbc
    [125] => idea-cfb
    [127] => idea-ofb
    [137] => seed-cbc
    [138] => seed-cfb
    [140] => seed-ofb
    [141] => sm4-cbc
    [142] => sm4-cfb
    [143] => sm4-ctr
    [145] => sm4-ofb
)
Array
(
    [36] => aes128
    [37] => aes128-wrap
    [38] => aes192
    [39] => aes192-wrap
    [40] => aes256
    [41] => aes256-wrap
    [69] => aria128
    [70] => aria192
    [71] => aria256
    [72] => bf
    [77] => blowfish
    [99] => camellia128
    [100] => camellia192
    [101] => camellia256
    [102] => cast
    [103] => cast-cbc
    [146] => idea
    [164] => seed
    [169] => sm4
)

    See Also

    add a note add a note

    User Contributed Notes 2 notes

    up
    13
    Alasdair
    5 years ago
    With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does.

    https://github.com/oerdnj/deb.sury.org/issues/990
    up
    1
    karel dot wintersky at gmail dot com
    6 years ago
    May be useful for cyphers execution speed.

    <?php

    const TEST_COUNT = 100000;
    const     SOURCE = 'Note that HTML tags are not allowed in the posts, but the note formatting is preserved.';
    const     KEY = "password";

    function     TESTER( $testing_function, $argument )
    {
            $t = microtime(true);

        for (    $test_iterator = 0; $test_iterator < TEST_COUNT; $test_iterator++) {
                $testing_function( $argument );
        }
        return     round(microtime(true) - $t, 4);
    }

    $crypt = function($cipher) {
            $ivlen = openssl_cipher_iv_length($cipher);
            $iv = openssl_random_pseudo_bytes($ivlen);
            openssl_encrypt(SOURCE, $cipher, KEY, $options=0, $iv);
    };

    $methods = openssl_get_cipher_methods(false);

    array_splice( $methods, 0, count($methods) / 2);

    $timings = array();

    foreach (    $methods as $cypher) {
            $time = TESTER( $crypt, $cypher );
            $timings[ $cypher ] = $time;
        echo     str_pad($cypher, 40, ' ', STR_PAD_LEFT), " have time  ", str_pad($time, 8, STR_PAD_LEFT), ' seconds. ', PHP_EOL;
    }

    uasort($timings, function($a, $b){
        return     $a <=> $b;
    });

    $min_time = round(reset($timings) / TEST_COUNT, 7);
    $min_cypher = key($timings);

    $max_time = round(end($timings) / TEST_COUNT, 7);
    $max_cypher = key($timings);

    echo     '-------------', PHP_EOL;
    echo     "Total tests: ", count($timings), PHP_EOL;
    echo     "Max timing : {$max_time} seconds for `{$max_cypher}` algorithm.", PHP_EOL;
    echo     "Min timing : {$min_time} seconds for `{$min_cypher}` algorithm.", PHP_EOL;

    echo     'Details: ', PHP_EOL;

    foreach (    $timings as $m => $t) {
        echo     '- ', str_pad($t, 8, STR_PAD_LEFT), " seconds for `{$m}`"PHP_EOL;
    }

    echo     PHP_EOL;
    add a note add a note
    To Top