Open mathstuf opened 9 years ago
Here's some more information on GnuTLS ciphersuites.
Can you (or someone) provide the modified ciphersuites for old
, intermediate
and modern
in the GnuTLS grammar?
@jvehent wrote this converstion tool, convert_openssl_to_gnutls.sh but he says it's given him mixed results.
The problems I had poking around with this is that gnutls can't hit any of the targets exactly. Typically because some suites either aren't supported or turning off some of the broken ones takes out stronger ones too.
Here's my best attempt at Intermediate:
%SERVER_PRECEDENCE:NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-3DES-CBC:-ARCFOUR-128:-ARCFOUR-40:-MD5
Can anyone provide the gnutls equivalent for old
and modern
?
We did a lot of work on this back in the IRC server setup days and, basically, our document is written assuming intersections that GnuTLS cannot provide. Primarily of concern was that cipher ordering is, on RHEL6 and prior, hard-coded into GnuTLS such that no matter what we indicated, clients would get something wrong and broken and fail to negotiate.
If y'all choose to proceed with addressing this issue, I strongly advise setting a minimum GnuTLS version to ensure that ordering is possible and supported. Otherwise, our specs break TLS when adapted to it.
This gnutls priority string
NONE:+VERS-TLS-ALL:+CHACHA20-POLY1305:+AES-128-GCM:+AES-256-GCM:+AES-128-CBC:+AES-256-CBC:+DHE-RSA:+ECDHE-RSA:+ECDHE-ECDSA:+3DES-CBC:+RSA:+SHA1:+SHA256:+SHA384:+AEAD
gave only one more ciphersuite:
TLS_DHE_RSA_3DES_EDE_CBC_SHA1 TLS_DHE_RSA_3DES_EDE_CBC_SHA1
TLS_DHE_RSA_AES_128_CBC_SHA1 TLS_DHE_RSA_AES_128_CBC_SHA1
TLS_DHE_RSA_AES_128_CBC_SHA256 TLS_DHE_RSA_AES_128_CBC_SHA256
TLS_DHE_RSA_AES_128_GCM_SHA256 TLS_DHE_RSA_AES_128_GCM_SHA256
TLS_DHE_RSA_AES_256_CBC_SHA1 TLS_DHE_RSA_AES_256_CBC_SHA1
TLS_DHE_RSA_AES_256_CBC_SHA256 TLS_DHE_RSA_AES_256_CBC_SHA256
TLS_DHE_RSA_AES_256_GCM_SHA384 TLS_DHE_RSA_AES_256_GCM_SHA384
> TLS_DHE_RSA_CHACHA20_POLY1305
TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 TLS_ECDHE_ECDSA_CHACHA20_POLY1305
TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1
TLS_ECDHE_RSA_AES_128_CBC_SHA1 TLS_ECDHE_RSA_AES_128_CBC_SHA1
TLS_ECDHE_RSA_AES_128_CBC_SHA256 TLS_ECDHE_RSA_AES_128_CBC_SHA256
TLS_ECDHE_RSA_AES_128_GCM_SHA256 TLS_ECDHE_RSA_AES_128_GCM_SHA256
TLS_ECDHE_RSA_AES_256_CBC_SHA1 TLS_ECDHE_RSA_AES_256_CBC_SHA1
TLS_ECDHE_RSA_AES_256_CBC_SHA384 TLS_ECDHE_RSA_AES_256_CBC_SHA384
TLS_ECDHE_RSA_AES_256_GCM_SHA384 TLS_ECDHE_RSA_AES_256_GCM_SHA384
TLS_ECDHE_RSA_CHACHA20_POLY1305 TLS_ECDHE_RSA_CHACHA20_POLY1305
TLS_RSA_3DES_EDE_CBC_SHA1 TLS_RSA_3DES_EDE_CBC_SHA1
TLS_RSA_AES_128_CBC_SHA1 TLS_RSA_AES_128_CBC_SHA1
TLS_RSA_AES_128_CBC_SHA256 TLS_RSA_AES_128_CBC_SHA256
TLS_RSA_AES_128_GCM_SHA256 TLS_RSA_AES_128_GCM_SHA256
TLS_RSA_AES_256_CBC_SHA1 TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA256 TLS_RSA_AES_256_CBC_SHA256
TLS_RSA_AES_256_GCM_SHA384 TLS_RSA_AES_256_GCM_SHA384
(both sorted, left: Mozilla intermediate, right: this priority string)
This gave better order: NONE:+VERS-TLS-ALL:+CHACHA20-POLY1305:+AES-128-GCM:+AES-256-GCM:+AES-128-CBC:+AES-256-CBC:+ECDHE-ECDSA:+ECDHE-RSA:+DHE-RSA:+3DES-CBC:+RSA:+SHA1:+SHA256:+SHA384:+AEAD
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 TLS_ECDHE_ECDSA_CHACHA20_POLY1305
TLS_ECDHE_RSA_CHACHA20_POLY1305 <
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
TLS_ECDHE_RSA_AES_128_GCM_SHA256 <
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
TLS_ECDHE_RSA_AES_256_GCM_SHA384 <
TLS_DHE_RSA_AES_128_GCM_SHA256 <
TLS_DHE_RSA_AES_256_GCM_SHA384 <
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 <
TLS_ECDHE_RSA_AES_128_CBC_SHA256 <
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
TLS_ECDHE_RSA_AES_256_CBC_SHA384 | TLS_ECDHE_ECDSA_AES_128_CBC_SHA256
TLS_ECDHE_RSA_AES_128_CBC_SHA1 <
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 <
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
> TLS_ECDHE_ECDSA_AES_256_CBC_SHA384
> TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1
> TLS_ECDHE_RSA_CHACHA20_POLY1305
> TLS_ECDHE_RSA_AES_128_GCM_SHA256
> TLS_ECDHE_RSA_AES_256_GCM_SHA384
> TLS_ECDHE_RSA_AES_128_CBC_SHA1
> TLS_ECDHE_RSA_AES_128_CBC_SHA256
TLS_ECDHE_RSA_AES_256_CBC_SHA1 TLS_ECDHE_RSA_AES_256_CBC_SHA1
TLS_DHE_RSA_AES_128_CBC_SHA256 | TLS_ECDHE_RSA_AES_256_CBC_SHA384
> TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1
> TLS_DHE_RSA_CHACHA20_POLY1305
> TLS_DHE_RSA_AES_128_GCM_SHA256
> TLS_DHE_RSA_AES_256_GCM_SHA384
TLS_DHE_RSA_AES_128_CBC_SHA1 TLS_DHE_RSA_AES_128_CBC_SHA1
TLS_DHE_RSA_AES_256_CBC_SHA256 | TLS_DHE_RSA_AES_128_CBC_SHA256
TLS_DHE_RSA_AES_256_CBC_SHA1 TLS_DHE_RSA_AES_256_CBC_SHA1
TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 | TLS_DHE_RSA_AES_256_CBC_SHA256
TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 <
TLS_DHE_RSA_3DES_EDE_CBC_SHA1 TLS_DHE_RSA_3DES_EDE_CBC_SHA1
TLS_RSA_AES_128_GCM_SHA256 TLS_RSA_AES_128_GCM_SHA256
TLS_RSA_AES_256_GCM_SHA384 TLS_RSA_AES_256_GCM_SHA384
TLS_RSA_AES_128_CBC_SHA256 <
TLS_RSA_AES_256_CBC_SHA256 <
TLS_RSA_AES_128_CBC_SHA1 TLS_RSA_AES_128_CBC_SHA1
> TLS_RSA_AES_128_CBC_SHA256
TLS_RSA_AES_256_CBC_SHA1 TLS_RSA_AES_256_CBC_SHA1
> TLS_RSA_AES_256_CBC_SHA256
TLS_RSA_3DES_EDE_CBC_SHA1 TLS_RSA_3DES_EDE_CBC_SHA1
(not sorted)
This priority string yields the same ciphersuites but different order: NORMAL:-AES-128-CCM:-AES-256-CCM:-CAMELLIA-128-GCM:-CAMELLIA-256-GCM:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
It would be nice to have a string for use with gnutls since it has a different set of ciphers available.