To support testing specific client configurations k6 allows you to set a specific version or range of versions of SSL/TLS that should be allowed for a connection, as well as which cipher suites are allowed to be used on that connection.
⚠️ Reg. ciphers and TLS 1.3
Due to limitations in the underlying go implementation changing of the ciphers for TLS 1.3 is not supported and will do nothing.
Limiting the SSL/TLS versions that k6 will be allowed to use during a test is a global configuration option. You can choose to limit to a specific version:
Below is the list of available SSL/TLS version that you can choose from. They are listed in order from lowest/oldest version to highest/newest version.
Limiting the cipher suites that k6 is allowed to use during a test is a global configuration option. You choose a list of allowed ciphers:
You can also check which SSL/TLS version and ciphers were used to make a request by looking at the tls_version and tls_cipher_suite response object properties.
Below is a list of available SSL/TLS cipher suites to choose from.
Note that there could be differences from the above list of available cipher suites depending on which k6 build your running.
The list above will reflect the available cipher suites in the latest official build. If you are using a custom-built k6 then the cipher suites available will be dependent on the Go version you compiled it with, see https://golang.org/pkg/crypto/tls/#pkg-constants.