[gnutls-devel] cipher suites

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Oct 13 17:22:26 CEST 2013


On Sun, Oct 13, 2013 at 3:36 PM, Stefan Bühler <stbuehler at lighttpd.net> wrote:
> Hi again,

> Ok. So I did some research to find all not supported ciphersuites
> (using the list from debian unstable, gnutls 3.2.4), and grouped them.

Thanks, that's a nice list. I'll check more thoroughly over the next few
days. I'll now only answer for the ones where there is a reason for them
not being there.

> export ciphers (GNUTLS_CIPHER_ARCFOUR_40 and GNUTLS_CIPHER_RC2_40_CBC
> exist but are unused, DES40 doesn't exist):

I removed them on purpose with gnutls 3.2. There is no longer a reason
for the export ciphersuites and if used they are most probably used in
a downgrade attack.

> DES cipher (GNUTLS_CIPHER_DES_CBC exists, but isn't used):

We never added this, as DES was introduced in TLS at pretty much the same
time the export controls were lifted and 3DES was a better choice.

> IDEA cipher:

Too old a cipher, and I don't think there is any reason to use it today.

> SEED cipher:

We don't have SEED in nettle. It could be considered if there is a
need for this cipher.

> AES-CCM ciphers:

AES-CCM is a very inefficient mode of AES. Currently we have AES-GCM
which is quite better. We could add it if there is a reason for it.

> ARIA cipher:

Same as SEED.

> DH_DSS and DH_RSA key exchange:

No-one uses static DH keys. I don't think anyone ever did. The data
from the SSL observatory show 0 certificates using static DH keys on
the Internet. This is the reason we never supported them.

> ECDH_ECDSA and ECDH_RSA key exchange:

The same as static DH keys.

regards,
Nikos
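
Added example, not part of the original message and not GnuTLS code: a small auditor that sorts IANA-style suite names (pre-TLS-1.3 `TLS_<kx>_WITH_<cipher>` form) into the groups discussed above, so a configured or scanned suite list can be checked for them. The group labels follow this 2013 message only; the function names and the sample list are constructed for illustration.

```python
import re

# Pre-TLS-1.3 IANA naming: TLS_<key exchange>_WITH_<cipher>_<mac>
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<rest>[A-Za-z0-9_]+)$")

# Key exchanges that rely on a static (EC)DH key in the certificate.
STATIC_KX = {
    "DH_DSS": "static DH", "DH_RSA": "static DH",
    "ECDH_ECDSA": "static ECDH", "ECDH_RSA": "static ECDH",
}
# Ciphers identified by the first token after _WITH_.
LEADING_CIPHER = {"DES": "DES", "IDEA": "IDEA", "SEED": "SEED", "ARIA": "ARIA"}


def classify(name):
    """Return the groups from the message that a suite name falls into."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not a TLS_<kx>_WITH_<cipher> name: {name!r}")
    kx, tokens = m.group("kx"), m.group("rest").split("_")
    groups = []
    if kx.endswith("_EXPORT"):
        groups.append("export")
        kx = kx[: -len("_EXPORT")]
    if kx in STATIC_KX:              # exact match: DH_anon and DHE_* are not static DH
        groups.append(STATIC_KX[kx])
    if tokens[0] in LEADING_CIPHER:  # "3DES" and "DES40" are distinct tokens from "DES"
        groups.append(LEADING_CIPHER[tokens[0]])
    if "CCM" in tokens:              # covers both ..._CCM and ..._CCM_8
        groups.append("AES-CCM")
    return groups


def audit(names):
    """Map each flagged suite name to its groups; unflagged names are omitted."""
    return {n: g for n in names if (g := classify(n))}


# Constructed sample of a suite list as a config dump or scanner might report it.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_RSA_WITH_DES_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
]

if __name__ == "__main__":
    for name, groups in audit(SAMPLE).items():
        print(f"{name}: {', '.join(groups)}")
```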
