Anybody know TLS_RSA_WITH_AES_256_CBC_SHA256 is supported by gnutls or not
Simon Josefsson
simon at josefsson.org
Tue Sep 1 15:36:21 CEST 2009
Brad Hards <bradh at frogmouth.net> writes:
> On Tuesday 01 September 2009 20:07:29 Tang Tong-A21500 wrote:
>> As title.
> Revision to my previous advice, after catching up on my gnutls-devel mailing
> list mail. It appears that gnutls now has SHA2.
Correct, but only on the experimental v2.9.x branch. Once we have
confirmed that server-side TLS 1.2 is working, I want to release it as a
stable branch and enable TLS 1.2 by default. We've delayed proper TLS
1.2 support long enough already.
/Simon
> [bradh at conferta src]$ ./gnutls-cli --list
> Cipher suites:
> TLS_ANON_DH_ARCFOUR_MD5 0x00, 0x18 SSL3.0
> TLS_ANON_DH_3DES_EDE_CBC_SHA1 0x00, 0x1b SSL3.0
> TLS_ANON_DH_AES_128_CBC_SHA1 0x00, 0x34 SSL3.0
> TLS_ANON_DH_AES_256_CBC_SHA1 0x00, 0x3a SSL3.0
> TLS_ANON_DH_AES_128_CBC_SHA256 0x00, 0x6c TLS1.2
> TLS_ANON_DH_AES_256_CBC_SHA256 0x00, 0x6d TLS1.2
> TLS_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8a TLS1.0
> TLS_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8b TLS1.0
> TLS_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x8c TLS1.0
> TLS_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x8d TLS1.0
> TLS_DHE_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8e TLS1.0
> TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8f TLS1.0
> TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x90 TLS1.0
> TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x91 TLS1.0
> TLS_SRP_SHA_3DES_EDE_CBC_SHA1 0xc0, 0x1a TLS1.0
> TLS_SRP_SHA_AES_128_CBC_SHA1 0xc0, 0x1d TLS1.0
> TLS_SRP_SHA_AES_256_CBC_SHA1 0xc0, 0x20 TLS1.0
> TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 0xc0, 0x1c TLS1.0
> TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 0xc0, 0x1b TLS1.0
> TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 0xc0, 0x1f TLS1.0
> TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 0xc0, 0x1e TLS1.0
> TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 0xc0, 0x22 TLS1.0
> TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 0xc0, 0x21 TLS1.0
> TLS_DHE_DSS_ARCFOUR_SHA1 0x00, 0x66 TLS1.0
> TLS_DHE_DSS_3DES_EDE_CBC_SHA1 0x00, 0x13 SSL3.0
> TLS_DHE_DSS_AES_128_CBC_SHA1 0x00, 0x32 SSL3.0
> TLS_DHE_DSS_AES_256_CBC_SHA1 0x00, 0x38 SSL3.0
> TLS_DHE_DSS_AES_128_CBC_SHA256 0x00, 0x40 TLS1.2
> TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
> TLS_DHE_RSA_3DES_EDE_CBC_SHA1 0x00, 0x16 SSL3.0
> TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
> TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
> TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.2
> TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
> TLS_RSA_NULL_MD5 0x00, 0x01 SSL3.0
> TLS_RSA_EXPORT_ARCFOUR_40_MD5 0x00, 0x03 SSL3.0
> TLS_RSA_ARCFOUR_SHA1 0x00, 0x05 SSL3.0
> TLS_RSA_ARCFOUR_MD5 0x00, 0x04 SSL3.0
> TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0
> TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
> TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
> TLS_RSA_AES_128_CBC_SHA256 0x00, 0x3c TLS1.2
> TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
> Certificate types: X.509, OPENPGP
> Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2
> Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40,
> RC2-40, NULL
> MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL
> Key exchange algorithms: ANON-DH, RSA, RSA-EXPORT, DHE-RSA, DHE-DSS, SRP-DSS,
> SRP-RSA, SRP, PSK, DHE-PSK
> Compression: DEFLATE, NULL
> Public Key Systems: RSA, DSA
> PK-signatures: RSA-SHA, RSA-SHA256, RSA-SHA384, RSA-SHA512, RSA-RMD160, DSA-
> SHA, RSA-MD5, RSA-MD2
More information about the Gnutls-help
mailing list