Brad Hards <[email protected]> writes: > On Tuesday 01 September 2009 20:07:29 Tang Tong-A21500 wrote: >> As title. > Revision to my previous advice, after catching up on my gnutls-devel mailing > list mail. It appears that gnutls now has SHA2.
Correct, but only on the experimental v2.9.x branch. Once we have confirmed that server-side TLS 1.2 is working, I want to release it as a stable branch and enable TLS 1.2 by default. We've delayed proper TLS 1.2 support long enough already. /Simon > [br...@conferta src]$ ./gnutls-cli --list > Cipher suites: > TLS_ANON_DH_ARCFOUR_MD5 0x00, 0x18 SSL3.0 > TLS_ANON_DH_3DES_EDE_CBC_SHA1 0x00, 0x1b SSL3.0 > TLS_ANON_DH_AES_128_CBC_SHA1 0x00, 0x34 SSL3.0 > TLS_ANON_DH_AES_256_CBC_SHA1 0x00, 0x3a SSL3.0 > TLS_ANON_DH_AES_128_CBC_SHA256 0x00, 0x6c TLS1.2 > TLS_ANON_DH_AES_256_CBC_SHA256 0x00, 0x6d TLS1.2 > TLS_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8a TLS1.0 > TLS_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8b TLS1.0 > TLS_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x8c TLS1.0 > TLS_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x8d TLS1.0 > TLS_DHE_PSK_SHA_ARCFOUR_SHA1 0x00, 0x8e TLS1.0 > TLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 0x00, 0x8f TLS1.0 > TLS_DHE_PSK_SHA_AES_128_CBC_SHA1 0x00, 0x90 TLS1.0 > TLS_DHE_PSK_SHA_AES_256_CBC_SHA1 0x00, 0x91 TLS1.0 > TLS_SRP_SHA_3DES_EDE_CBC_SHA1 0xc0, 0x1a TLS1.0 > TLS_SRP_SHA_AES_128_CBC_SHA1 0xc0, 0x1d TLS1.0 > TLS_SRP_SHA_AES_256_CBC_SHA1 0xc0, 0x20 TLS1.0 > TLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 0xc0, 0x1c TLS1.0 > TLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 0xc0, 0x1b TLS1.0 > TLS_SRP_SHA_DSS_AES_128_CBC_SHA1 0xc0, 0x1f TLS1.0 > TLS_SRP_SHA_RSA_AES_128_CBC_SHA1 0xc0, 0x1e TLS1.0 > TLS_SRP_SHA_DSS_AES_256_CBC_SHA1 0xc0, 0x22 TLS1.0 > TLS_SRP_SHA_RSA_AES_256_CBC_SHA1 0xc0, 0x21 TLS1.0 > TLS_DHE_DSS_ARCFOUR_SHA1 0x00, 0x66 TLS1.0 > TLS_DHE_DSS_3DES_EDE_CBC_SHA1 0x00, 0x13 SSL3.0 > TLS_DHE_DSS_AES_128_CBC_SHA1 0x00, 0x32 SSL3.0 > TLS_DHE_DSS_AES_256_CBC_SHA1 0x00, 0x38 SSL3.0 > TLS_DHE_DSS_AES_128_CBC_SHA256 0x00, 0x40 TLS1.2 > TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2 > TLS_DHE_RSA_3DES_EDE_CBC_SHA1 0x00, 0x16 SSL3.0 > TLS_DHE_RSA_AES_128_CBC_SHA1 0x00, 0x33 SSL3.0 > TLS_DHE_RSA_AES_256_CBC_SHA1 0x00, 0x39 SSL3.0 > TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.2 > TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2 > TLS_RSA_NULL_MD5 0x00, 0x01 SSL3.0 > TLS_RSA_EXPORT_ARCFOUR_40_MD5 0x00, 0x03 SSL3.0 > TLS_RSA_ARCFOUR_SHA1 0x00, 0x05 SSL3.0 > TLS_RSA_ARCFOUR_MD5 0x00, 0x04 SSL3.0 > TLS_RSA_3DES_EDE_CBC_SHA1 0x00, 0x0a SSL3.0 > TLS_RSA_AES_128_CBC_SHA1 0x00, 0x2f SSL3.0 > TLS_RSA_AES_256_CBC_SHA1 0x00, 0x35 SSL3.0 > TLS_RSA_AES_128_CBC_SHA256 0x00, 0x3c TLS1.2 > TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2 > Certificate types: X.509, OPENPGP > Protocols: SSL3.0, TLS1.0, TLS1.1, TLS1.2 > Ciphers: AES-256-CBC, AES-128-CBC, 3DES-CBC, DES-CBC, ARCFOUR-128, > ARCFOUR-40, > RC2-40, NULL > MACs: SHA1, MD5, SHA256, SHA384, SHA512, MD2, RIPEMD160, NULL > Key exchange algorithms: ANON-DH, RSA, RSA-EXPORT, DHE-RSA, DHE-DSS, SRP-DSS, > SRP-RSA, SRP, PSK, DHE-PSK > Compression: DEFLATE, NULL > Public Key Systems: RSA, DSA > PK-signatures: RSA-SHA, RSA-SHA256, RSA-SHA384, RSA-SHA512, RSA-RMD160, DSA- > SHA, RSA-MD5, RSA-MD2 _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
