[Help-gnutls] Re: List of supported CipherSuite and CompressionMethod
Simon Josefsson
simon at josefsson.org
Wed Jun 25 17:24:43 CEST 2008
"Richard Hartmann" <richih.mailinglist at gmail.com> writes:
> Hi all,
>
> I was wondering if there is a list of all CipherSuite[s] and
> CompressionMethod[s] supported by GNUTLS. At this point,
> I would prefer not to go through the code to get an answer, but
> if you guys would point me at a file name, I would gladly take
> that, as well :)
Hi. You can run 'gnutls-cli -l' to check what your particular
library/tool can support, but if you want to check the source see:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/gnutls_algorithms.c;hb=HEAD
The array with all supported ciphersuites is cs_algorithms.
Output from my 'gnutls-cli -l' is below.
> Additionally, I am wondering if the compression API will likely
> change at some point as is the case with OpenSSL.
The compression API is pretty minimal (get names of compression modes,
and to enable/disable whether to use it, etc). Looking over the APIs
involved, I can say that these functions will continue to work the same
for many years the very least. No changes in that area is planned that
I know of. Finally, I don't recall any changes in this area as long as
I have been involved. LZO compression was disabled in the last release,
but it doesn't affect the API, and you probably don't want LZO anyway
because it is non-standard.
/Simon
jas at mocca:~$ gnutls-cli -v
gnutls-cli (GnuTLS) 2.4.0
jas at mocca:~$ gnutls-cli -l
Cipher suites:
TLS_ANON_DH_ARCFOUR_MD5 0x00, 0x18 SSL3.0
TLS_ANON_DH_3DES_EDE_CBC_SHA1 0x00, 0x1b SSL3.0
TLS_ANON_DH_AES_128_CBC_SHA1 0x00, 0x34 SSL3.0
TLS_ANON_DH_AES_256_CBC_SHA1 0x00, 0x3a SSL3.0
TLS_ANON_DH_CAMELLIA_128_CBC_SHA1 0x00, 0x46 TLS1.0
TLS_ANON_DH_CAMELLIA_256_CBC_SHA1 0x00, 0x89 TLS1.0
TLS_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8a TLS1.0
TLS_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8b TLS1.0
TLS_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x8c TLS1.0
TLS_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x8d TLS1.0
TLS_DHE_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8e TLS1.0
TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8f TLS1.0
TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x90 TLS1.0
TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x91 TLS1.0
TLS_SRP_SHA_3DES_EDE_CBC_SHA1 0xc0, 0x1a TLS1.0
TLS_SRP_SHA_AES_128_CBC_SHA1 0xc0, 0x1d TLS1.0
TLS_SRP_SHA_AES_256_CBC_SHA1 0xc0, 0x20 TLS1.0
TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 0xc0, 0x1c TLS1.0
TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 0xc0, 0x1b TLS1.0
TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 0xc0, 0x1f TLS1.0
TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 0xc0, 0x1e TLS1.0
TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 0xc0, 0x22 TLS1.0
TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 0xc0, 0x21 TLS1.0
TLS_DHE_DSS_ARCFOUR_SHA1 0x00, 0x66 TLS1.0
TLS_DHE_DSS_3DES_EDE_CBC_SHA1 0x00, 0x13 SSL3.0
TLS_DHE_DSS_AES_128_CBC_SHA1 0x00, 0x32 SSL3.0
TLS_DHE_DSS_AES_256_CBC_SHA1 0x00, 0x38 SSL3.0
TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 0x00, 0x44 TLS1.0
TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 0x00, 0x87 TLS1.0
TLS_DHE_RSA_3DES_EDE_CBC_SHA1 0x00, 0x16 SSL3.0
TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0
TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x45 TLS1.0
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x88 TLS1.0
TLS_RSA_NULL_MD5 0x00, 0x01 SSL3.0
TLS_RSA_EXPORT_ARCFOUR_40_MD5 0x00, 0x03 SSL3.0
TLS_RSA_ARCFOUR_SHA1 0x00, 0x05 SSL3.0
TLS_RSA_ARCFOUR_MD5 0x00, 0x04 SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0
TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0
TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0
TLS_RSA_CAMELLIA_128_CBC_SHA1 0x00, 0x41 TLS1.0
TLS_RSA_CAMELLIA_256_CBC_SHA1 0x00, 0x84 TLS1.0
Certificate types: X.509, OPENPGP
Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2
Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, ARCFOUR-40, RC2-40, CAMELLIA-256-CBC, CAMELLIA-128-CBC, NULL
MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL
Key exchange algorithms: ANON-DH, RSA, RSA-EXPORT, DHE-RSA, DHE-DSS, SRP-DSS, SRP-RSA, SRP, PSK, DHE-PSK
Compression: DEFLATE, NULL
jas at mocca:~$
More information about the Gnutls-help
mailing list