gnutls on RHEL4
Updated -
Details of the capabilities of gnutls-1.0.20 on RHEL4
This article is part of the Securing Applications Collection
Due to the serious flaws uncovered in openssl during the lifetime of RHEL4 you should always use the latest version but at least
gnutls-1.0.20-4.el4_8.7
Capabilities
Protocols
- TLSv1.1
- TLSv1
- SSLv3
Ciphers
TLS_ANON_DH_ARCFOUR_MD5 0x00, 0x18 SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1 0x00, 0x1b SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1 0x00, 0x34 SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1 0x00, 0x3a SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1 0x00, 0x46 TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1 0x00, 0x89 TLS1.0
TLS_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8a TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8b TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x8c TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x8d TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8e TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8f TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x90 TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x91 TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1 0xc0, 0x1a TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1 0xc0, 0x1d TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1 0xc0, 0x20 TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 0xc0, 0x1c TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 0xc0, 0x1b TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 0xc0, 0x1f TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 0xc0, 0x1e TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 0xc0, 0x22 TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 0xc0, 0x21 TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1 0x00, 0x66 TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1 0x00, 0x13 SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1 0x00, 0x32 SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1 0x00, 0x38 SSL3.0
TLS_DHE_RSA_3DES_EDE_CBC_SHA1 0x00, 0x16 SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
TLS_RSA_NULL_MD5 0x00, 0x01 SSL3.0
TLS_RSA_EXPORT_ARCFOUR_40_MD5 0x00, 0x03 SSL3.0
TLS_RSA_ARCFOUR_SHA1 0x00, 0x05 SSL3.0
TLS_RSA_ARCFOUR_MD5 0x00, 0x04 SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0
TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
Certificates
- certificates with RSA keys and SHA-1 signatures.
Hashes
- md5 message digest algorithm
- sha1 message digest algorithm
Additional Notes
Capabilities as given by gnutls-cli
$ gnutls-cli -l
Certificate types: X.509, OPENPGP
Protocols: TLS1.0, TLS1.1, SSL3.0
Ciphers: AES-128-CBC, 3DES-CBC, ARCFOUR, ARCFOUR-40
MACs: MD5, RMD160, SHA1
Key exchange algorithms: RSA, RSA-EXPORT, DHE-DSS, DHE-RSA, SRP, SRP-RSA, SRP-DSS, ANON-DH
Compression methods: DEFLATE, LZO, NULL
Comments