gnutls on RHEL6
Updated -
Details of the capabilities of gnutls-2.12.23 on RHEL6
This article is part of the Securing Applications Collection
Due to the serious issues with the design of TLS and implementation issues in openssl uncovered during the lifetime of RHEL6 you should always use the latest version but at least
gnutls-2.8.5-14.el6_5
Capabilities
Protocols
- TLSv1.2
- TLSv1.1
- TLSv1
- SSLv3
Ciphers
Suite Name | Cipher Suite | Protocol Level |
---|---|---|
TLS_ANON_DH_ARCFOUR_MD5 | 0x0018 | SSL3.0 |
TLS_ANON_DH_3DES_EDE_CBC_SHA1 | 0x001b | SSL3.0 |
TLS_ANON_DH_AES_128_CBC_SHA1 | 0x0034 | SSL3.0 |
TLS_ANON_DH_AES_256_CBC_SHA1 | 0x003a | SSL3.0 |
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1 | 0x0046 | TLS1.0 |
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1 | 0x0089 | TLS1.0 |
TLS_ANON_DH_AES_128_CBC_SHA256 | 0x006c | TLS1.2 |
TLS_ANON_DH_AES_256_CBC_SHA256 | 0x006d | TLS1.2 |
TLS_PSK_SHA_ARCFOUR_SHA1 | 0x008a | TLS1.0 |
TLS_PSK_SHA_3DES_EDE_CBC_SHA1 | 0x008b | TLS1.0 |
TLS_PSK_SHA_AES_128_CBC_SHA1 | 0x008c | TLS1.0 |
TLS_PSK_SHA_AES_256_CBC_SHA1 | 0x008d | TLS1.0 |
TLS_DHE_PSK_SHA_ARCFOUR_SHA1 | 0x008e | TLS1.0 |
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 | 0x008f | TLS1.0 |
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 | 0x0090 | TLS1.0 |
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 | 0x0091 | TLS1.0 |
TLS_SRP_SHA_3DES_EDE_CBC_SHA1 | 0xc01a | TLS1.0 |
TLS_SRP_SHA_AES_128_CBC_SHA1 | 0xc01d | TLS1.0 |
TLS_SRP_SHA_AES_256_CBC_SHA1 | 0xc020 | TLS1.0 |
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 | 0xc01c | TLS1.0 |
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 | 0xc01b | TLS1.0 |
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 | 0xc01f | TLS1.0 |
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 | 0xc01e | TLS1.0 |
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 | 0xc022 | TLS1.0 |
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 | 0xc021 | TLS1.0 |
TLS_DHE_DSS_ARCFOUR_SHA1 | 0x0066 | TLS1.0 |
TLS_DHE_DSS_3DES_EDE_CBC_SHA1 | 0x0013 | SSL3.0 |
TLS_DHE_DSS_AES_128_CBC_SHA1 | 0x0032 | SSL3.0 |
TLS_DHE_DSS_AES_256_CBC_SHA1 | 0x0038 | SSL3.0 |
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 | 0x0044 | TLS1.0 |
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 | 0x0087 | TLS1.0 |
TLS_DHE_DSS_AES_128_CBC_SHA256 | 0x0040 | TLS1.2 |
TLS_DHE_DSS_AES_256_CBC_SHA256 | 0x006a | TLS1.2 |
TLS_DHE_RSA_3DES_EDE_CBC_SHA1 | 0x0016 | SSL3.0 |
TLS_DHE_RSA_AES_128_CBC_SHA1 | 0x0033 | SSL3.0 |
TLS_DHE_RSA_AES_256_CBC_SHA1 | 0x0039 | SSL3.0 |
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 | 0x0045 | TLS1.0 |
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 | 0x0088 | TLS1.0 |
TLS_DHE_RSA_AES_128_CBC_SHA256 | 0x0067 | TLS1.2 |
TLS_DHE_RSA_AES_256_CBC_SHA256 | 0x006b | TLS1.2 |
TLS_RSA_NULL_MD5 | 0x0001 | SSL3.0 |
TLS_RSA_NULL_SHA1 | 0x0002 | SSL3.0 |
TLS_RSA_NULL_SHA256 | 0x003b | TLS1.2 |
TLS_RSA_ARCFOUR_SHA1 | 0x0005 | SSL3.0 |
TLS_RSA_ARCFOUR_MD5 | 0x0004 | SSL3.0 |
TLS_RSA_3DES_EDE_CBC_SHA1 | 0x000a | SSL3.0 |
TLS_RSA_AES_128_CBC_SHA1 | 0x002f | SSL3.0 |
TLS_RSA_AES_256_CBC_SHA1 | 0x0035 | SSL3.0 |
TLS_RSA_CAMELLIA_128_CBC_SHA1 | 0x0041 | TLS1.0 |
TLS_RSA_CAMELLIA_256_CBC_SHA1 | 0x0084 | TLS1.0 |
TLS_RSA_AES_128_CBC_SHA256 | 0x003c | TLS1.2 |
TLS_RSA_AES_256_CBC_SHA256 | 0x003d | TLS1.2 |
Certificates
- certificates with RSA keys and SHA-1 or SHA-256 signatures.
- certificates with EC keys and DSA or SHA-256 signatures
Hashes
- md5 message digest algorithm
- sha1 message digest algorithm
- sha224 message digest algorithm
- sha256 message digest algorithm
- sha384 message digest algorithm
- sha512 message digest algorithm
Additional Notes
Capabilities as given by gnutls-cli
$ gnutls-cli -l
Cipher suites:
TLS_ANON_DH_ARCFOUR_MD5 0x00, 0x18 SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1 0x00, 0x1b SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1 0x00, 0x34 SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1 0x00, 0x3a SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1 0x00, 0x46 TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1 0x00, 0x89 TLS1.0
TLS_ANON_DH_AES_128_CBC_SHA256 0x00, 0x6c TLS1.2
TLS_ANON_DH_AES_256_CBC_SHA256 0x00, 0x6d TLS1.2
TLS_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8a TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8b TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x8c TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x8d TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8e TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8f TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x90 TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x91 TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1 0xc0, 0x1a TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1 0xc0, 0x1d TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1 0xc0, 0x20 TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 0xc0, 0x1c TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 0xc0, 0x1b TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 0xc0, 0x1f TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 0xc0, 0x1e TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 0xc0, 0x22 TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 0xc0, 0x21 TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1 0x00, 0x66 TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1 0x00, 0x13 SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1 0x00, 0x32 SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1 0x00, 0x38 SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 0x00, 0x44 TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 0x00, 0x87 TLS1.0
TLS_DHE_DSS_AES_128_CBC_SHA256 0x00, 0x40 TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
TLS_DHE_RSA_3DES_EDE_CBC_SHA1 0x00, 0x16 SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 TLS1.0
TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
TLS_RSA_NULL_MD5 0x00, 0x01 SSL3.0
TLS_RSA_NULL_SHA1 0x00, 0x02 SSL3.0
TLS_RSA_NULL_SHA256 0x00, 0x3b TLS1.2
TLS_RSA_ARCFOUR_SHA1 0x00, 0x05 SSL3.0
TLS_RSA_ARCFOUR_MD5 0x00, 0x04 SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0
TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 TLS1.0
TLS_RSA_AES_128_CBC_SHA256 0x00, 0x3c TLS1.2
TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
Certificate types: CTYPE-X.509, CTYPE-OPENPGP
Protocols: VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, NULL
MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, MAC-NULL
Key exchange algorithms: ANON-DH, RSA, DHE-RSA, DHE-DSS, PSK, DHE-PSK
Compression: COMP-DEFLATE, COMP-NULL
Public Key Systems: RSA, DSA
PK-signatures: SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-RMD160, SIGN-DSA-SHA1, SIGN-RSA-MD5, SIGN-RSA-MD2
Comments