Default cipher that OpenSSL used to encrypt a PEM file

Having generated couple of PEM files with OpenSSL for testing and writing tutorial purpose. Sometimes I wonder if OpenSSL has a default cipher selected just in case there is no cipher given as parameter.

For example, running this command below

 openssl req -x509 -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem

will prompt me for password to be used for encrypting the key.pem files... but with which type of encryption cipher ?

One way to find out is to look into the generated key.pem file.

more key.pem

 -----BEGIN RSA PRIVATE KEY----- 
 Proc-Type: 4,ENCRYPTED 
 DEK-Info: DES-EDE3-CBC,D00B327DC8F6FEF4

From the information, it seems that the default cipher is DES-EDE3-CBC and this is confirmed to be true after digging through the OpenSSL's source code at https://github.com/openssl/openssl/blob/master/apps/req.c

line 198 to 199 :

 #ifndef OPENSSL_NO_DES
 cipher=EVP_des_ede3_cbc(); 

Depending on what you are trying to achieve... you can change the encryption cipher by processing the key.pem file and produce a new file encrypted with different cipher.

For example :

 openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -out aes256key.pem

will produce a AES-256 encrypted pem file. (See more examples at https://www.openssl.org/docs/apps/pkcs8.html)