MozillaWiki

Security/Server Side TLS: Difference between revisions

Page Discussion

Security/Server Side TLS (view source)

Revision as of 22:07, 13 November 2013

5,870 bytes added ,  13 November 2013
Added conversion tool
(* Version 2.2: ulfr: Added IANA/OpenSSL/GnuTLS correspondence table)
(Added conversion tool)
Line 11: Line 11:
|-  
|-  
|  <span style="color:green;">'''READY'''</span> ||
|  <span style="color:green;">'''READY'''</span> ||
* Version 2.2: ulfr: Added IANA/OpenSSL/GnuTLS correspondence table
* Version 2.2: ulfr: Added IANA/OpenSSL/GnuTLS correspondence table and conversion tool
* Version 2.1: ulfr: RC4 vs 3DES discussion. r=joes r=tinfoil  
* Version 2.1: ulfr: RC4 vs 3DES discussion. r=joes r=tinfoil  
* Version 2: Public release. r=ulfr r=kang
* Version 2: Public release. r=ulfr r=kang
Line 1,333: Line 1,333:


The table above was generated with the script at https://github.com/jvehent/tlsnames
The table above was generated with the script at https://github.com/jvehent/tlsnames
== Conversion from OpenSSL to GnuTLS ==
Use the script at https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh to transform an OpenSSL ciphersuite into a GnuTLS one. Some ciphers might be discarded depending on the versions of OpenSSL and GnuTLS that are installed on your system.
<source lang="bash">
$ ./convert_openssl_to_gnutls.sh 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK'
0xC0,0x2F openssl:ECDHE-RSA-AES128-GCM-SHA256 gnutls:TLS_ECDHE_RSA_AES_128_GCM_SHA256
0xC0,0x2B openssl:ECDHE-ECDSA-AES128-GCM-SHA256 gnutls:TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
0xC0,0x30 openssl:ECDHE-RSA-AES256-GCM-SHA384 gnutls:TLS_ECDHE_RSA_AES_256_GCM_SHA384
0xC0,0x2C openssl:ECDHE-ECDSA-AES256-GCM-SHA384 gnutls:TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
0x00,0xA3 openssl:DHE-DSS-AES256-GCM-SHA384 gnutls:
0x00,0x9F openssl:DHE-RSA-AES256-GCM-SHA384 gnutls:
0x00,0xA2 openssl:DHE-DSS-AES128-GCM-SHA256 gnutls:TLS_DHE_DSS_AES_128_GCM_SHA256
0x00,0x9E openssl:DHE-RSA-AES128-GCM-SHA256 gnutls:TLS_DHE_RSA_AES_128_GCM_SHA256
0xC0,0x27 openssl:ECDHE-RSA-AES128-SHA256 gnutls:TLS_ECDHE_RSA_AES_128_CBC_SHA256
0xC0,0x23 openssl:ECDHE-ECDSA-AES128-SHA256 gnutls:TLS_ECDHE_ECDSA_AES_128_CBC_SHA256
0xC0,0x13 openssl:ECDHE-RSA-AES128-SHA gnutls:TLS_ECDHE_RSA_AES_128_CBC_SHA1
0xC0,0x09 openssl:ECDHE-ECDSA-AES128-SHA gnutls:TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
0xC0,0x28 openssl:ECDHE-RSA-AES256-SHA384 gnutls:
0xC0,0x24 openssl:ECDHE-ECDSA-AES256-SHA384 gnutls:TLS_ECDHE_ECDSA_AES_256_CBC_SHA384
0xC0,0x14 openssl:ECDHE-RSA-AES256-SHA gnutls:TLS_ECDHE_RSA_AES_256_CBC_SHA1
0xC0,0x0A openssl:ECDHE-ECDSA-AES256-SHA gnutls:TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
0x00,0x67 openssl:DHE-RSA-AES128-SHA256 gnutls:TLS_DHE_RSA_AES_128_CBC_SHA256
0x00,0x33 openssl:DHE-RSA-AES128-SHA gnutls:TLS_DHE_RSA_AES_128_CBC_SHA1
0x00,0x6B openssl:DHE-RSA-AES256-SHA256 gnutls:TLS_DHE_RSA_AES_256_CBC_SHA256
0x00,0x38 openssl:DHE-DSS-AES256-SHA gnutls:TLS_DHE_DSS_AES_256_CBC_SHA1
0x00,0x9C openssl:AES128-GCM-SHA256 gnutls:TLS_RSA_AES_128_GCM_SHA256
0x00,0x9D openssl:AES256-GCM-SHA384 gnutls:
0xC0,0x11 openssl:ECDHE-RSA-RC4-SHA gnutls:
0xC0,0x07 openssl:ECDHE-ECDSA-RC4-SHA gnutls:
0x00,0x05 openssl:RC4-SHA gnutls:TLS_RSA_ARCFOUR_SHA1
0x00,0x6A openssl:DHE-DSS-AES256-SHA256 gnutls:TLS_DHE_DSS_AES_256_CBC_SHA256
0x00,0x39 openssl:DHE-RSA-AES256-SHA gnutls:TLS_DHE_RSA_AES_256_CBC_SHA1
0x00,0x88 openssl:DHE-RSA-CAMELLIA256-SHA gnutls:TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
0x00,0x87 openssl:DHE-DSS-CAMELLIA256-SHA gnutls:TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
0xC0,0x32 openssl:ECDH-RSA-AES256-GCM-SHA384 gnutls:
0xC0,0x2E openssl:ECDH-ECDSA-AES256-GCM-SHA384 gnutls:
0xC0,0x2A openssl:ECDH-RSA-AES256-SHA384 gnutls:
0xC0,0x26 openssl:ECDH-ECDSA-AES256-SHA384 gnutls:
0xC0,0x0F openssl:ECDH-RSA-AES256-SHA gnutls:
0xC0,0x05 openssl:ECDH-ECDSA-AES256-SHA gnutls:
0x00,0x3D openssl:AES256-SHA256 gnutls:TLS_RSA_AES_256_CBC_SHA256
0x00,0x35 openssl:AES256-SHA gnutls:TLS_RSA_AES_256_CBC_SHA1
0x00,0x84 openssl:CAMELLIA256-SHA gnutls:TLS_RSA_CAMELLIA_256_CBC_SHA1
0x00,0x40 openssl:DHE-DSS-AES128-SHA256 gnutls:TLS_DHE_DSS_AES_128_CBC_SHA256
0x00,0x32 openssl:DHE-DSS-AES128-SHA gnutls:TLS_DHE_DSS_AES_128_CBC_SHA1
0x00,0x45 openssl:DHE-RSA-CAMELLIA128-SHA gnutls:TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
0x00,0x44 openssl:DHE-DSS-CAMELLIA128-SHA gnutls:TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
0xC0,0x31 openssl:ECDH-RSA-AES128-GCM-SHA256 gnutls:
0xC0,0x2D openssl:ECDH-ECDSA-AES128-GCM-SHA256 gnutls:
0xC0,0x29 openssl:ECDH-RSA-AES128-SHA256 gnutls:
0xC0,0x25 openssl:ECDH-ECDSA-AES128-SHA256 gnutls:
0xC0,0x0E openssl:ECDH-RSA-AES128-SHA gnutls:
0xC0,0x04 openssl:ECDH-ECDSA-AES128-SHA gnutls:
0x00,0x3C openssl:AES128-SHA256 gnutls:TLS_RSA_AES_128_CBC_SHA256
0x00,0x2F openssl:AES128-SHA gnutls:TLS_RSA_AES_128_CBC_SHA1
0x00,0x41 openssl:CAMELLIA128-SHA gnutls:TLS_RSA_CAMELLIA_128_CBC_SHA1
GnuTLS ciphersuite:
TLS_ECDHE_RSA_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_AES_128_GCM_SHA256:TLS_ECDHE_RSA_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_AES_256_GCM_SHA384:TLS_DHE_DSS_AES_128_GCM_SHA256:TLS_DHE_RSA_AES_128_GCM_SHA256:TLS_ECDHE_RSA_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_AES_128_CBC_SHA256:TLS_ECDHE_RSA_AES_128_CBC_SHA1:TLS_ECDHE_ECDSA_AES_128_CBC_SHA1:TLS_ECDHE_ECDSA_AES_256_CBC_SHA384:TLS_ECDHE_RSA_AES_256_CBC_SHA1:TLS_ECDHE_ECDSA_AES_256_CBC_SHA1:TLS_DHE_RSA_AES_128_CBC_SHA256:TLS_DHE_RSA_AES_128_CBC_SHA1:TLS_DHE_RSA_AES_256_CBC_SHA256:TLS_DHE_DSS_AES_256_CBC_SHA1:TLS_RSA_AES_128_GCM_SHA256:TLS_RSA_ARCFOUR_SHA1:TLS_DHE_DSS_AES_256_CBC_SHA256:TLS_DHE_RSA_AES_256_CBC_SHA1:TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1:TLS_DHE_DSS_CAMELLIA_256_CBC_SHA1:TLS_RSA_AES_256_CBC_SHA256:TLS_RSA_AES_256_CBC_SHA1:TLS_RSA_CAMELLIA_256_CBC_SHA1:TLS_DHE_DSS_AES_128_CBC_SHA256:TLS_DHE_DSS_AES_128_CBC_SHA1:TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1:TLS_DHE_DSS_CAMELLIA_128_CBC_SHA1:TLS_RSA_AES_128_CBC_SHA256:TLS_RSA_AES_128_CBC_SHA1:TLS_RSA_CAMELLIA_128_CBC_SHA1
Ciphers known to OpenSSL but not present in GnuTLS
DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA
</source>
Ulfr
Confirmed users
529

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/761015"