NSS on RHEL4

Capabilities of NSS (v3.12.10) on RHEL4

This article is part of the Securing Applications Collection

Because of the serious issues with the design of TLS and the implementation issues in NSS uncovered during the lifetime of RHEL4, you should always use the latest version, and at least:

nss-3.12.10-10.el4

Capabilities

Protocols

  • TLSv1
  • SSLv3
  • SSLv2

Ciphers

In all current versions of NSS there is no centralised mechanism to provide a preferred cipher list. As a result, every application that uses NSS for its cipher needs provides its own cipher string parser.

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
  0xc00a ECDHE ECDSA AES      256 SHA1   Disabled FIPS Domestic
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
  0xc014 ECDHE RSA   AES      256 SHA1   Disabled FIPS Domestic
TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
  0x0039 DHE   RSA   AES      256 SHA1   Disabled FIPS Domestic
TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
  0x0038 DHE   DSA   AES      256 SHA1   Disabled FIPS Domestic
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
  0xc00f ECDH  RSA   AES      256 SHA1   Disabled FIPS Domestic
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
  0xc005 ECDH  ECDSA AES      256 SHA1   Disabled FIPS Domestic
TLS_RSA_WITH_AES_256_CBC_SHA:
  0x0035 RSA   RSA   AES      256 SHA1   Disabled FIPS Domestic
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
  0xc007 ECDHE ECDSA RC4      128 SHA1   Disabled      Domestic
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
  0xc009 ECDHE ECDSA AES      128 SHA1   Disabled FIPS Domestic
TLS_ECDHE_RSA_WITH_RC4_128_SHA:
  0xc011 ECDHE RSA   RC4      128 SHA1   Disabled      Domestic
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
  0xc013 ECDHE RSA   AES      128 SHA1   Disabled FIPS Domestic
TLS_DHE_DSS_WITH_RC4_128_SHA:
  0x0066 DHE   DSA   RC4      128 SHA1   Disabled      Domestic
TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
  0x0033 DHE   RSA   AES      128 SHA1   Disabled FIPS Domestic
TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
  0x0032 DHE   DSA   AES      128 SHA1   Disabled FIPS Domestic
TLS_ECDH_RSA_WITH_RC4_128_SHA:
  0xc00c ECDH  RSA   RC4      128 SHA1   Disabled      Domestic
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
  0xc00e ECDH  RSA   AES      128 SHA1   Disabled FIPS Domestic
TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
  0xc002 ECDH  ECDSA RC4      128 SHA1   Disabled      Domestic
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
  0xc004 ECDH  ECDSA AES      128 SHA1   Disabled FIPS Domestic
SSL_RSA_WITH_RC4_128_MD5:
  0x0004 RSA   RSA   RC4      128 MD5    Enabled       Domestic
SSL_RSA_WITH_RC4_128_SHA:
  0x0005 RSA   RSA   RC4      128 SHA1   Disabled      Domestic
TLS_RSA_WITH_AES_128_CBC_SHA:
  0x002f RSA   RSA   AES      128 SHA1   Disabled FIPS Domestic
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
  0xc008 ECDHE ECDSA 3DES     112 SHA1   Disabled FIPS Domestic
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
  0xc012 ECDHE RSA   3DES     112 SHA1   Disabled FIPS Domestic
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
  0x0016 DHE   RSA   3DES     112 SHA1   Disabled FIPS Domestic
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
  0x0013 DHE   DSA   3DES     112 SHA1   Disabled FIPS Domestic
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
  0xc00d ECDH  RSA   3DES     112 SHA1   Disabled FIPS Domestic
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
  0xc003 ECDH  ECDSA 3DES     112 SHA1   Disabled FIPS Domestic
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA:
  0xfeff RSA   RSA   3DES     112 SHA1   Enabled  FIPS Domestic nonStandard
SSL_RSA_WITH_3DES_EDE_CBC_SHA:
  0x000a RSA   RSA   3DES     112 SHA1   Enabled  FIPS Domestic
SSL_DHE_RSA_WITH_DES_CBC_SHA:
  0x0015 DHE   RSA   DES       56 SHA1   Disabled      Domestic
SSL_DHE_DSS_WITH_DES_CBC_SHA:
  0x0012 DHE   DSA   DES       56 SHA1   Disabled      Domestic
SSL_RSA_FIPS_WITH_DES_CBC_SHA:
  0xfefe RSA   RSA   DES       56 SHA1   Enabled       Domestic nonStandard
SSL_RSA_WITH_DES_CBC_SHA:
  0x0009 RSA   RSA   DES       56 SHA1   Enabled       Domestic
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
  0x0064 RSA   RSA   RC4       56 SHA1   Enabled       Export
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
  0x0062 RSA   RSA   DES       56 SHA1   Enabled       Export
SSL_RSA_EXPORT_WITH_RC4_40_MD5:
  0x0003 RSA   RSA   RC4       40 MD5    Enabled       Export
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
  0x0006 RSA   RSA   RC2       40 MD5    Enabled       Export
TLS_ECDHE_ECDSA_WITH_NULL_SHA:
  0xc006 ECDHE ECDSA NULL       0 SHA1   Disabled      Domestic
TLS_ECDHE_RSA_WITH_NULL_SHA:
  0xc010 ECDHE RSA   NULL       0 SHA1   Disabled      Domestic
TLS_ECDH_RSA_WITH_NULL_SHA:
  0xc00b ECDH  RSA   NULL       0 SHA1   Disabled      Domestic
TLS_ECDH_ECDSA_WITH_NULL_SHA:
  0xc001 ECDH  ECDSA NULL       0 SHA1   Disabled      Domestic
SSL_RSA_WITH_NULL_SHA:
  0x0002 RSA   RSA   NULL       0 SHA1   Disabled      Export
SSL_RSA_WITH_NULL_MD5:
  0x0001 RSA   RSA   NULL       0 MD5    Disabled      Export
SSL_CK_RC4_128_WITH_MD5:
  0xff01 RSA   RSA   RC4      128 MD5    Enabled  SSL2 Domestic
SSL_CK_RC2_128_CBC_WITH_MD5:
  0xff03 RSA   RSA   RC2      128 MD5    Enabled  SSL2 Domestic
SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
  0xff07 RSA   RSA   3DES     112 MD5    Enabled  SSL2 Domestic
SSL_CK_DES_64_CBC_WITH_MD5:
  0xff06 RSA   RSA   DES       56 MD5    Enabled  SSL2 Domestic
SSL_CK_RC4_128_EXPORT40_WITH_MD5:
  0xff02 RSA   RSA   RC4       40 MD5    Enabled  SSL2 Export
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
  0xff04 RSA   RSA   RC2       40 MD5    Enabled  SSL2 Export
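
The listing above can be audited mechanically. This added example, which is not part of the original article or of NSS, parses the two-line entries and reports which default-enabled suites fail a small policy. `POLICY`, its thresholds and all function names are assumptions of the example; the five sample entries are copied from the listing.

```python
import re

# Five entries copied from the listing above (name line, then detail line).
SAMPLE = """\
TLS_RSA_WITH_AES_128_CBC_SHA:
  0x002f RSA   RSA   AES      128 SHA1   Disabled FIPS Domestic
SSL_RSA_WITH_RC4_128_MD5:
  0x0004 RSA   RSA   RC4      128 MD5    Enabled       Domestic
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA:
  0xfeff RSA   RSA   3DES     112 SHA1   Enabled  FIPS Domestic nonStandard
SSL_RSA_EXPORT_WITH_RC4_40_MD5:
  0x0003 RSA   RSA   RC4       40 MD5    Enabled       Export
SSL_CK_DES_64_CBC_WITH_MD5:
  0xff06 RSA   RSA   DES       56 MD5    Enabled  SSL2 Domestic
"""

# id, key exchange, authentication, cipher, key bits, MAC, state, trailing flags
DETAIL = re.compile(
    r"^\s+(0x[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)"
    r"\s+(Enabled|Disabled)\s*(.*)$")

def parse_suites(text):
    """Turn name/detail line pairs into dicts; lines that fit neither are skipped."""
    suites, name = [], None
    for line in text.splitlines():
        m = DETAIL.match(line)
        if m and name:
            code, _kx, _auth, cipher, bits, mac, state, flags = m.groups()
            suites.append(dict(name=name, id=int(code, 16), cipher=cipher,
                               bits=int(bits), mac=mac, flags=set(flags.split()),
                               enabled=(state == "Enabled")))
            name = None
        elif line.endswith(":") and not line[:1].isspace():
            name = line[:-1]
    return suites

POLICY = [  # assumed example policy, not taken from the article
    (lambda s: s["bits"] < 112, "key under 112 bits"),
    (lambda s: "Export" in s["flags"], "export-grade"),
    (lambda s: "SSL2" in s["flags"], "SSLv2-only"),
    (lambda s: s["cipher"] == "RC4", "RC4"),
    (lambda s: s["mac"] == "MD5", "MD5 MAC"),
]

def enabled_weak(text):
    """{suite name: [reasons]} for default-enabled suites that fail POLICY."""
    found = ((s, [why for test, why in POLICY if test(s)])
             for s in parse_suites(text))
    return {s["name"]: why for s, why in found if s["enabled"] and why}
```

Calling `enabled_weak()` on the full listing gives the set of suites an application has to switch off itself, since NSS offers no central cipher preference list.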

Certificates

  • certificates with RSA keys and SHA-1 or SHA-256 signatures.

Hashes

  • md5 message digest algorithm
  • sha1 message digest algorithm
  • sha message digest algorithm
  • sha224 message digest algorithm
  • sha256 message digest algorithm
  • sha384 message digest algorithm
  • sha512 message digest algorithm

Additional Notes

  • Component: nss