gnutls on RHEL4


Details of the capabilities of gnutls-1.0.20 on RHEL4

This article is part of the Securing Applications Collection

Due to the serious flaws uncovered in openssl during the lifetime of RHEL4, you should always use the latest version, but at least:

gnutls-1.0.20-4.el4_8.7

Capabilities

Protocols

  • TLSv1.1
  • TLSv1
  • SSLv3

Ciphers

TLS_ANON_DH_ARCFOUR_MD5                             0x00, 0x18  SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1                       0x00, 0x1b  SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1                        0x00, 0x34  SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1                        0x00, 0x3a  SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1                   0x00, 0x46  TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1                   0x00, 0x89  TLS1.0
TLS_PSK_SHA_ARCFOUR_SHA1                            0x00, 0x8a  TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1                       0x00, 0x8b  TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1                        0x00, 0x8c  TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1                        0x00, 0x8d  TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1                        0x00, 0x8e  TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1                   0x00, 0x8f  TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1                    0x00, 0x90  TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1                    0x00, 0x91  TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1                       0xc0, 0x1a  TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1                        0xc0, 0x1d  TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1                        0xc0, 0x20  TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1                   0xc0, 0x1c  TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1                   0xc0, 0x1b  TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1                    0xc0, 0x1f  TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1                    0xc0, 0x1e  TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1                    0xc0, 0x22  TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1                    0xc0, 0x21  TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1                            0x00, 0x66  TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1                       0x00, 0x13  SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1                        0x00, 0x32  SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1                        0x00, 0x38  SSL3.0
TLS_DHE_RSA_3DES_EDE_CBC_SHA1                       0x00, 0x16  SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1                        0x00, 0x33  SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1                        0x00, 0x39  SSL3.0
TLS_RSA_NULL_MD5                                    0x00, 0x01  SSL3.0
TLS_RSA_EXPORT_ARCFOUR_40_MD5                       0x00, 0x03  SSL3.0
TLS_RSA_ARCFOUR_SHA1                                0x00, 0x05  SSL3.0
TLS_RSA_ARCFOUR_MD5                                 0x00, 0x04  SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1                           0x00, 0x0a  SSL3.0
TLS_RSA_AES_128_CBC_SHA1                            0x00, 0x2f  SSL3.0
TLS_RSA_AES_256_CBC_SHA1                            0x00, 0x35  SSL3.0

Certificates

  • certificates with RSA keys and SHA-1 signatures.

Hashes

  • md5 message digest algorithm
  • sha1 message digest algorithm

Additional Notes

Capabilities as given by gnutls-cli

$ gnutls-cli -l

Certificate types: X.509, OPENPGP
Protocols: TLS1.0, TLS1.1, SSL3.0
Ciphers: AES-128-CBC, 3DES-CBC, ARCFOUR, ARCFOUR-40
MACs: MD5, RMD160, SHA1
Key exchange algorithms: RSA, RSA-EXPORT, DHE-DSS, DHE-RSA, SRP, SRP-RSA, SRP-DSS, ANON-DH
Compression methods: DEFLATE, LZO, NULL
