According to openssl, these are the ciphers that it supports:
    DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
    DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
    AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
    EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
    DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
    DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
    DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
    DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1
    AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
    RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
    RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
    RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
    RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
    EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
    EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
    DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
    DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
    EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
    EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
    EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
    EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
    EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
I am running a simple node.js https server on port 443. When I run sslscan, the following are the Accepted ciphers:
    Accepted SSLv3 256 bits AES256-SHA
    Accepted SSLv3 128 bits AES128-SHA
    Accepted SSLv3 168 bits DES-CBC3-SHA
    Accepted SSLv3 128 bits RC4-SHA
    Accepted TLSv1 256 bits AES256-SHA
    Accepted TLSv1 128 bits AES128-SHA
    Accepted TLSv1 168 bits DES-CBC3-SHA
    Accepted TLSv1 128 bits RC4-SHA
What I don't understand is, why is the list of actually supported ciphers so much shorter?
What's even more confusing, when I get the list of supported ciphers in node with tls.getCiphers(), I find a long list:
[ 'aes128-gcm-sha256', 'aes128-sha', 'aes128-sha256', 'aes256-gcm-sha384', 'aes256-sha', 'aes256-sha256', 'camellia128-sha', 'camellia256-sha', 'des-cbc-sha', 'des-cbc3-sha', 'dhe-dss-aes128-gcm-sha256', 'dhe-dss-aes128-sha', 'dhe-dss-aes128-sha256', 'dhe-dss-aes256-gcm-sha384', 'dhe-dss-aes256-sha', 'dhe-dss-aes256-sha256', 'dhe-dss-camellia128-sha', 'dhe-dss-camellia256-sha', 'dhe-dss-seed-sha', 'dhe-rsa-aes128-gcm-sha256', 'dhe-rsa-aes128-sha', 'dhe-rsa-aes128-sha256', 'dhe-rsa-aes256-gcm-sha384', 'dhe-rsa-aes256-sha', 'dhe-rsa-aes256-sha256', 'dhe-rsa-camellia128-sha', 'dhe-rsa-camellia256-sha', 'dhe-rsa-seed-sha', 'ecdh-ecdsa-aes128-gcm-sha256', 'ecdh-ecdsa-aes128-sha', 'ecdh-ecdsa-aes128-sha256', 'ecdh-ecdsa-aes256-gcm-sha384', 'ecdh-ecdsa-aes256-sha', 'ecdh-ecdsa-aes256-sha384', 'ecdh-ecdsa-des-cbc3-sha', 'ecdh-ecdsa-rc4-sha', 'ecdh-rsa-aes128-gcm-sha256', 'ecdh-rsa-aes128-sha', 'ecdh-rsa-aes128-sha256', 'ecdh-rsa-aes256-gcm-sha384', 'ecdh-rsa-aes256-sha', 'ecdh-rsa-aes256-sha384', 'ecdh-rsa-des-cbc3-sha', 'ecdh-rsa-rc4-sha', 'ecdhe-ecdsa-aes128-gcm-sha256', 'ecdhe-ecdsa-aes128-sha', 'ecdhe-ecdsa-aes128-sha256', 'ecdhe-ecdsa-aes256-gcm-sha384', 'ecdhe-ecdsa-aes256-sha', 'ecdhe-ecdsa-aes256-sha384', 'ecdhe-ecdsa-des-cbc3-sha', 'ecdhe-ecdsa-rc4-sha', 'ecdhe-rsa-aes128-gcm-sha256', 'ecdhe-rsa-aes128-sha', 'ecdhe-rsa-aes128-sha256', 'ecdhe-rsa-aes256-gcm-sha384', 'ecdhe-rsa-aes256-sha', 'ecdhe-rsa-aes256-sha384', 'ecdhe-rsa-des-cbc3-sha', 'ecdhe-rsa-rc4-sha', 'edh-dss-des-cbc-sha', 'edh-dss-des-cbc3-sha', 'edh-rsa-des-cbc-sha', 'edh-rsa-des-cbc3-sha', 'exp-des-cbc-sha', 'exp-edh-dss-des-cbc-sha', 'exp-edh-rsa-des-cbc-sha', 'exp-rc2-cbc-md5', 'exp-rc4-md5', 'idea-cbc-sha', 'psk-3des-ede-cbc-sha', 'psk-aes128-cbc-sha', 'psk-aes256-cbc-sha', 'psk-rc4-sha', 'rc4-md5', 'rc4-sha', 'seed-sha', 'srp-dss-3des-ede-cbc-sha', 'srp-dss-aes-128-cbc-sha', 'srp-dss-aes-256-cbc-sha', 'srp-rsa-3des-ede-cbc-sha', 'srp-rsa-aes-128-cbc-sha', 'srp-rsa-aes-256-cbc-sha' ]
The first list is all the ciphers of SSLv3. Currently TLS 1.0, TLS 1.1 and TLS 1.2 have already been defined. So these are older ciphers.
The second list is the list of ciphers that are available in both client (sslscan) & server at the time of the handshake.
Finally, the last one seems to be the full list of ciphers that are present (but possibly not configured?) in NodeJS.
Note that OpenSSL documentation is notoriously sparse and often out of date, and that NodeJS does just slightly better.
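The comparison between the first two lists, as an added example that is not part of the original question or answer: it parses a constructed subset of the `openssl ciphers -v` and sslscan lines quoted in the question and reports which library ciphers the scan negotiated, with the key-exchange type they share. The function names are hypothetical.

```javascript
// Constructed sample input: a subset of the `openssl ciphers -v` lines and of
// the sslscan "Accepted" lines quoted in the question.
const OPENSSL_V = `
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export`;
const SSLSCAN = `
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits RC4-SHA`;

// Parse `openssl ciphers -v` lines into { name, protocol, kx, au, enc, mac, export }.
function parseOpensslCiphers(text) {
  return text.trim().split('\n').map((line) => {
    const [name, protocol, ...attrs] = line.trim().split(/\s+/);
    const entry = { name, protocol, export: attrs.includes('export') };
    for (const a of attrs.filter((t) => t.includes('='))) {
      entry[a.split('=')[0].toLowerCase()] = a.split('=')[1];
    }
    return entry;
  });
}

// Parse sslscan "Accepted <proto> <n> bits <cipher>" lines into Map(cipher -> [protocols]).
function parseSslscan(text) {
  const accepted = new Map();
  for (const line of text.trim().split('\n')) {
    const m = /^Accepted\s+(\S+)\s+\d+\s+bits\s+(\S+)$/.exec(line.trim());
    if (m) accepted.set(m[2], [...(accepted.get(m[2]) || []), m[1]]);
  }
  return accepted;
}

// Split the library's ciphers into those the scan negotiated and those it did not.
function compareCipherLists(opensslText, scanText) {
  const accepted = parseSslscan(scanText);
  const library = parseOpensslCiphers(opensslText);
  const negotiated = library.filter((c) => accepted.has(c.name));
  return {
    negotiated: negotiated.map((c) => c.name),
    negotiatedKx: [...new Set(negotiated.map((c) => c.kx))],
    notNegotiated: library.filter((c) => !accepted.has(c.name))
      .map((c) => `${c.name} [${c.protocol} Kx=${c.kx}]`),
  };
}
console.log(compareCipherLists(OPENSSL_V, SSLSCAN));
```

Pasting the full `openssl ciphers -v` and sslscan output in place of the two constants gives the same breakdown for the complete lists.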