Anybody know TLS_RSA_WITH_AES_256_CBC_SHA256 is supported by gnutls or not

Simon Josefsson simon at
Tue Sep 1 15:36:21 CEST 2009

Brad Hards <bradh at> writes:

> On Tuesday 01 September 2009 20:07:29 Tang Tong-A21500 wrote:
>> As title.
> Revision to my previous advice, after catching up on my gnutls-devel mailing 
> list mail. It appears that gnutls now has SHA2.

Correct, but only on the experimental v2.9.x branch.  Once we have
confirmed that server-side TLS 1.2 is working, I want to release it as a
stable branch and enable TLS 1.2 by default.  We've delayed proper TLS
1.2 support long enough already.


> [bradh at conferta src]$ ./gnutls-cli --list
> Cipher suites:
> TLS_ANON_DH_ARCFOUR_MD5                                 0x00, 0x18      SSL3.0
> TLS_ANON_DH_3DES_EDE_CBC_SHA1                           0x00, 0x1b      SSL3.0
> TLS_ANON_DH_AES_128_CBC_SHA1                            0x00, 0x34      SSL3.0
> TLS_ANON_DH_AES_256_CBC_SHA1                            0x00, 0x3a      SSL3.0
> TLS_ANON_DH_AES_128_CBC_SHA256                          0x00, 0x6c      TLS1.2
> TLS_ANON_DH_AES_256_CBC_SHA256                          0x00, 0x6d      TLS1.2
> TLS_PSK_SHA_ARCFOUR_SHA1                                0x00, 0x8a      TLS1.0
> TLS_PSK_SHA_3DES_EDE_CBC_SHA1                           0x00, 0x8b      TLS1.0
> TLS_PSK_SHA_AES_128_CBC_SHA1                            0x00, 0x8c      TLS1.0
> TLS_PSK_SHA_AES_256_CBC_SHA1                            0x00, 0x8d      TLS1.0
> TLS_DHE_PSK_SHA_ARCFOUR_SHA1                            0x00, 0x8e      TLS1.0
> TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1                       0x00, 0x8f      TLS1.0
> TLS_DHE_PSK_SHA_AES_128_CBC_SHA1                        0x00, 0x90      TLS1.0
> TLS_DHE_PSK_SHA_AES_256_CBC_SHA1                        0x00, 0x91      TLS1.0
> TLS_SRP_SHA_3DES_EDE_CBC_SHA1                           0xc0, 0x1a      TLS1.0
> TLS_SRP_SHA_AES_128_CBC_SHA1                            0xc0, 0x1d      TLS1.0
> TLS_SRP_SHA_AES_256_CBC_SHA1                            0xc0, 0x20      TLS1.0
> TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1                       0xc0, 0x1c      TLS1.0
> TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1                       0xc0, 0x1b      TLS1.0
> TLS_SRP_SHA_DSS_AES_128_CBC_SHA1                        0xc0, 0x1f      TLS1.0
> TLS_SRP_SHA_RSA_AES_128_CBC_SHA1                        0xc0, 0x1e      TLS1.0
> TLS_SRP_SHA_DSS_AES_256_CBC_SHA1                        0xc0, 0x22      TLS1.0
> TLS_SRP_SHA_RSA_AES_256_CBC_SHA1                        0xc0, 0x21      TLS1.0
> TLS_DHE_DSS_ARCFOUR_SHA1                                0x00, 0x66      TLS1.0
> TLS_DHE_DSS_3DES_EDE_CBC_SHA1                           0x00, 0x13      SSL3.0
> TLS_DHE_DSS_AES_128_CBC_SHA1                            0x00, 0x32      SSL3.0
> TLS_DHE_DSS_AES_256_CBC_SHA1                            0x00, 0x38      SSL3.0
> TLS_DHE_DSS_AES_128_CBC_SHA256                          0x00, 0x40      TLS1.2
> TLS_DHE_DSS_AES_256_CBC_SHA256                          0x00, 0x6a      TLS1.2
> TLS_DHE_RSA_3DES_EDE_CBC_SHA1                           0x00, 0x16      SSL3.0
> TLS_DHE_RSA_AES_128_CBC_SHA1                            0x00, 0x33      SSL3.0
> TLS_DHE_RSA_AES_256_CBC_SHA1                            0x00, 0x39      SSL3.0
> TLS_DHE_RSA_AES_128_CBC_SHA256                          0x00, 0x67      TLS1.2
> TLS_DHE_RSA_AES_256_CBC_SHA256                          0x00, 0x6b      TLS1.2
> TLS_RSA_NULL_MD5                                        0x00, 0x01      SSL3.0
> TLS_RSA_EXPORT_ARCFOUR_40_MD5                           0x00, 0x03      SSL3.0
> TLS_RSA_ARCFOUR_SHA1                                    0x00, 0x05      SSL3.0
> TLS_RSA_ARCFOUR_MD5                                     0x00, 0x04      SSL3.0
> TLS_RSA_3DES_EDE_CBC_SHA1                               0x00, 0x0a      SSL3.0
> TLS_RSA_AES_128_CBC_SHA1                                0x00, 0x2f      SSL3.0
> TLS_RSA_AES_256_CBC_SHA1                                0x00, 0x35      SSL3.0
> TLS_RSA_AES_128_CBC_SHA256                              0x00, 0x3c      TLS1.2
> TLS_RSA_AES_256_CBC_SHA256                              0x00, 0x3d      TLS1.2
> Certificate types: X.509, OPENPGP
> Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2
> Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, 
> RC2-40, NULL
> MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL
> Key exchange algorithms: ANON-DH, RSA, RSA-EXPORT, DHE-RSA, DHE-DSS, SRP-DSS, 
> Compression: DEFLATE, NULL
> Public Key Systems: RSA, DSA
> PK-signatures: RSA-SHA, RSA-SHA256, RSA-SHA384, RSA-SHA512, RSA-RMD160, DSA-

More information about the Gnutls-help mailing list