[gnutls-help] Priority strings, changing available ciphers
Sander Smeenk
ssmeenk at freshdot.net
Mon Jun 1 15:35:53 CEST 2026
Hi,
I'm having a hard time figuring out 'priority strings' to disable
certain cipher suites that are no longer deemed secure.
GnuTLS 3.8.3, Exim 4.98.
My current priority string is:
'-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:PFS:SECURE256:%SERVER_PRECEDENCE'
First off, running `gnutls-cli --list --priority ...` on that string
shows eight TLS1.0 ciphers in the list. I would not expect that, given
-VERS-ALL and only 1.2 and 1.3 being enabled again.
According to 'sslyze', this results in these ciphers on my MX:
| * TLS 1.2 Cipher Suites:
| TLS_RSA_WITH_AES_256_GCM_SHA384 256
| TLS_RSA_WITH_AES_256_CCM 256
| TLS_RSA_WITH_AES_256_CBC_SHA 256
| TLS_RSA_WITH_AES_128_GCM_SHA256 128
| TLS_RSA_WITH_AES_128_CCM 128
| TLS_RSA_WITH_AES_128_CBC_SHA 128
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 ECDH: secp256r1 (256 bits)
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: secp256r1 (256 bits)
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: secp256r1 (256 bits)
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: secp256r1 (256 bits)
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: secp256r1 (256 bits)
| TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 DH (3072 bits)
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 DH (3072 bits)
| TLS_DHE_RSA_WITH_AES_256_CCM 256 DH (3072 bits)
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 DH (3072 bits)
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 DH (3072 bits)
| TLS_DHE_RSA_WITH_AES_128_CCM 128 DH (3072 bits)
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 DH (3072 bits)
|
| * TLS 1.3 Cipher Suites:
| TLS_CHACHA20_POLY1305_SHA256 256 ECDH: secp256r1 (256 bits)
| TLS_AES_256_GCM_SHA384 256 ECDH: secp256r1 (256 bits)
| TLS_AES_128_GCM_SHA256 128 ECDH: secp256r1 (256 bits)
| TLS_AES_128_CCM_SHA256 128 ECDH: secp256r1 (256 bits)
From this list I want to disable these ciphers:
| TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 TLS1.0
| TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 TLS1.0
| TLS_ECDHE_RSA_AES_256_CBC_SHA1 0xc0, 0x14 TLS1.0
| TLS_ECDHE_RSA_AES_128_CBC_SHA1 0xc0, 0x13 TLS1.0
| TLS_RSA_AES_256_GCM_SHA384 0x00, 0x9d TLS1.2
| TLS_RSA_AES_256_CCM 0xc0, 0x9d TLS1.2
| TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 TLS1.0
| TLS_RSA_AES_128_GCM_SHA256 0x00, 0x9c TLS1.2
| TLS_RSA_AES_128_CCM 0xc0, 0x9c TLS1.2
| TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f TLS1.0
But I seem to only have 'coarse' controls over the available cipher suite.
For example, I can only use '-AES-256-GCM', which removes five ciphers from
the set. Not just the RSA_AES_256_SHA384 one.
Am I right to note that GnuTLS does not allow for such intricate
configuration of available ciphers?
Hope to hear from someone,
Kind regards,
-Sander Smeenk.
--
| Zebras are colored with light stripes on a dark background.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
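
Added example, not part of the original message: the suite names from the post are split into key exchange, cipher and MAC components, and the script searches for the smallest set of component removals that drops exactly the ten unwanted TLS 1.2 suites while keeping the other eight. The function names are hypothetical, the input is copied from the two lists in the post, and treating each component as a removable priority-string token (for example -RSA) is an assumption to confirm with `gnutls-cli --list --priority`.

```python
from itertools import combinations

# Constructed input: TLS 1.2 suites sslyze reported in the post (IANA names).
OFFERED = """
TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CCM TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CCM TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_CCM TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CCM TLS_DHE_RSA_WITH_AES_128_CBC_SHA
""".split()
# The ten suites the post wants removed (names as printed by gnutls-cli --list).
UNWANTED = """
TLS_DHE_RSA_AES_256_CBC_SHA1 TLS_DHE_RSA_AES_128_CBC_SHA1 TLS_ECDHE_RSA_AES_256_CBC_SHA1
TLS_ECDHE_RSA_AES_128_CBC_SHA1 TLS_RSA_AES_256_GCM_SHA384 TLS_RSA_AES_256_CCM
TLS_RSA_AES_256_CBC_SHA1 TLS_RSA_AES_128_GCM_SHA256 TLS_RSA_AES_128_CCM
TLS_RSA_AES_128_CBC_SHA1
""".split()
KX = ("ECDHE_RSA", "DHE_RSA", "RSA")  # key exchanges seen in the post

def components(name):
    """Split either naming style into (kx, cipher, mac) component tokens."""
    body = name[len("TLS_"):].replace("_WITH_", "_")
    kx = next(k for k in KX if body.startswith(k + "_"))
    parts = body[len(kx) + 1:].split("_")
    if parts[-1] in ("SHA", "SHA1"):        # CBC suite with an HMAC-SHA1 MAC
        cipher, mac = parts[:-1], "SHA1"
    else:                                   # AEAD suite; a trailing SHAxxx is the PRF hash
        cipher = parts[:-1] if parts[-1].startswith("SHA") else parts
        mac = "AEAD"
    return kx.replace("_", "-"), "-".join(cipher), mac

def removed_by(token, suites):
    """Suites that disappear when one component token is removed."""
    return {s for s in suites if token in s}

def minimal_removals(offered, unwanted):
    """Smallest set of tokens that removes exactly the unwanted suites, or None."""
    safe = sorted(t for t in {t for s in unwanted for t in s}
                  if removed_by(t, offered) <= unwanted)
    for n in range(1, len(safe) + 1):
        for combo in combinations(safe, n):
            if set().union(*(removed_by(t, offered) for t in combo)) == unwanted:
                return combo
    return None

offered = {components(n) for n in OFFERED}
unwanted = {components(n) for n in UNWANTED}
# Assumption: each token maps to a priority-string removal such as -RSA or -SHA1.
print("remove:", minimal_removals(offered, unwanted))
```

On the post's data the result is RSA and SHA1: the ten unwanted suites are exactly those with static RSA key exchange or an HMAC-SHA1 MAC, whereas removing AES-256-GCM alone would also drop two suites the post wants to keep.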