gnutls on RHEL6

Details of the capabilities of gnutls-2.12.23 on RHEL6

This article is part of the Securing Applications Collection

Due to the serious issues with the design of TLS and implementation issues in openssl uncovered during the lifetime of RHEL6 you should always use the latest version but at least

gnutls-2.8.5-14.el6_5

Capabilities

Protocols

TLSv1.2
TLSv1.1
TLSv1
SSLv3

Ciphers

Suite Name	Cipher Suite	Protocol Level
TLS_ANON_DH_ARCFOUR_MD5	0x0018	SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1	0x001b	SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1	0x0034	SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1	0x003a	SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1	0x0046	TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1	0x0089	TLS1.0
TLS_ANON_DH_AES_128_CBC_SHA256	0x006c	TLS1.2
TLS_ANON_DH_AES_256_CBC_SHA256	0x006d	TLS1.2
TLS_PSK_SHA_ARCFOUR_SHA1	0x008a	TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1	0x008b	TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1	0x008c	TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1	0x008d	TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1	0x008e	TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1	0x008f	TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1	0x0090	TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1	0x0091	TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1	0xc01a	TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1	0xc01d	TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1	0xc020	TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1	0xc01c	TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1	0xc01b	TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1	0xc01f	TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1	0xc01e	TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1	0xc022	TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1	0xc021	TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1	0x0066	TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1	0x0013	SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1	0x0032	SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1	0x0038	SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1	0x0044	TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1	0x0087	TLS1.0
TLS_DHE_DSS_AES_128_CBC_SHA256	0x0040	TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256	0x006a	TLS1.2
TLS_DHE_RSA_3DES_EDE_CBC_SHA1	0x0016	SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1	0x0033	SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1	0x0039	SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1	0x0045	TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1	0x0088	TLS1.0
TLS_DHE_RSA_AES_128_CBC_SHA256	0x0067	TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256	0x006b	TLS1.2
TLS_RSA_NULL_MD5	0x0001	SSL3.0
TLS_RSA_NULL_SHA1	0x0002	SSL3.0
TLS_RSA_NULL_SHA256	0x003b	TLS1.2
TLS_RSA_ARCFOUR_SHA1	0x0005	SSL3.0
TLS_RSA_ARCFOUR_MD5	0x0004	SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1	0x000a	SSL3.0
TLS_RSA_AES_128_CBC_SHA1	0x002f	SSL3.0
TLS_RSA_AES_256_CBC_SHA1	0x0035	SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1	0x0041	TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1	0x0084	TLS1.0
TLS_RSA_AES_128_CBC_SHA256	0x003c	TLS1.2
TLS_RSA_AES_256_CBC_SHA256	0x003d	TLS1.2

Certificates

certificates with RSA keys and SHA-1 or SHA-256 signatures.
certificates with EC keys and DSA or SHA-256 signatures

Hashes

md5 message digest algorithm
sha1 message digest algorithm
sha224 message digest algorithm
sha256 message digest algorithm
sha384 message digest algorithm
sha512 message digest algorithm

Additional Notes

Capabilities as given by gnutls-cli

$ gnutls-cli -l
Cipher suites:
TLS_ANON_DH_ARCFOUR_MD5                             0x00, 0x18  SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1                       0x00, 0x1b  SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1                        0x00, 0x34  SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1                        0x00, 0x3a  SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1                   0x00, 0x46  TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1                   0x00, 0x89  TLS1.0
TLS_ANON_DH_AES_128_CBC_SHA256                      0x00, 0x6c  TLS1.2
TLS_ANON_DH_AES_256_CBC_SHA256                      0x00, 0x6d  TLS1.2
TLS_PSK_SHA_ARCFOUR_SHA1                            0x00, 0x8a  TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1                       0x00, 0x8b  TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1                        0x00, 0x8c  TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1                        0x00, 0x8d  TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1                        0x00, 0x8e  TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1                   0x00, 0x8f  TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1                    0x00, 0x90  TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1                    0x00, 0x91  TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1                       0xc0, 0x1a  TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1                        0xc0, 0x1d  TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1                        0xc0, 0x20  TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1                   0xc0, 0x1c  TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1                   0xc0, 0x1b  TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1                    0xc0, 0x1f  TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1                    0xc0, 0x1e  TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1                    0xc0, 0x22  TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1                    0xc0, 0x21  TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1                            0x00, 0x66  TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1                       0x00, 0x13  SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1                        0x00, 0x32  SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1                        0x00, 0x38  SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1                   0x00, 0x44  TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1                   0x00, 0x87  TLS1.0
TLS_DHE_DSS_AES_128_CBC_SHA256                      0x00, 0x40  TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256                      0x00, 0x6a  TLS1.2
TLS_DHE_RSA_3DES_EDE_CBC_SHA1                       0x00, 0x16  SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1                        0x00, 0x33  SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1                        0x00, 0x39  SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1                   0x00, 0x45  TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1                   0x00, 0x88  TLS1.0
TLS_DHE_RSA_AES_128_CBC_SHA256                      0x00, 0x67  TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                      0x00, 0x6b  TLS1.2
TLS_RSA_NULL_MD5                                    0x00, 0x01  SSL3.0
TLS_RSA_NULL_SHA1                                   0x00, 0x02  SSL3.0
TLS_RSA_NULL_SHA256                                 0x00, 0x3b  TLS1.2
TLS_RSA_ARCFOUR_SHA1                                0x00, 0x05  SSL3.0
TLS_RSA_ARCFOUR_MD5                                 0x00, 0x04  SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1                           0x00, 0x0a  SSL3.0
TLS_RSA_AES_128_CBC_SHA1                            0x00, 0x2f  SSL3.0
TLS_RSA_AES_256_CBC_SHA1                            0x00, 0x35  SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1                       0x00, 0x41  TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1                       0x00, 0x84  TLS1.0
TLS_RSA_AES_128_CBC_SHA256                          0x00, 0x3c  TLS1.2
TLS_RSA_AES_256_CBC_SHA256                          0x00, 0x3d  TLS1.2
Certificate types: CTYPE-X.509, CTYPE-OPENPGP
Protocols: VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, NULL
MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, MAC-NULL
Key exchange algorithms: ANON-DH, RSA, DHE-RSA, DHE-DSS, PSK, DHE-PSK
Compression: COMP-DEFLATE, COMP-NULL
Public Key Systems: RSA, DSA
PK-signatures: SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-RSA-RMD160, SIGN-DSA-SHA1, SIGN-RSA-MD5, SIGN-RSA-MD2

Select Your Language

Capabilities

Protocols

Ciphers

Certificates

Hashes

Additional Notes

Capabilities as given by gnutls-cli

Comments

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Capabilities

Protocols

Ciphers

Certificates

Hashes

Additional Notes

Capabilities as given by gnutls-cli

Comments

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links