GNUTLS: Difference between revisions

From Lolly's Wiki
Jump to navigationJump to search
Line 59: Line 59:
# Disable defaults, enable only TLSv1.2: -VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL
# Disable defaults, enable only TLSv1.2: -VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL
# Set the key exchange algorithms: +ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA
# Set the key exchange algorithms: +ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA
# Set the ciphers: +AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM
# Set the ciphers: +AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305(used by google mail, so I needed it as well)
# Set the hash algorithms: +SHA256:+SHA384
# Set the hash algorithms: +SHA256:+SHA384:+AEAD (The +AEAD is something that is not directly seen be the list above
, but you need it for GCM)
# Set the wanted curves from the document above: +CURVE-SECP256R1:+CURVE-SECP384R1
# Set the wanted curves from the document above: +CURVE-SECP256R1:+CURVE-SECP384R1
# Set the signature algorithm used in your certificate: +SIGN-RSA-SHA256
# Set the signature algorithm used in your certificate: +SIGN-RSA-SHA256 for me


And now put ist all together and let us see what happens:
And now put ist all together and let us see what happens:
<syntaxhighlight lang=bash>
<syntaxhighlight lang=bash>
$ gnutls-cli --list CIPHER --priority '%SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+SHA256:+SHA384:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256'
$ gnutls-cli --list CIPHER --priority '%SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-KX-ALL:-CIPHER-ALL:-MAC-ALL:-CURVE-ALL:-SIGN-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+SHA256:+SHA384:+AEAD:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256'
Cipher suites for %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+SHA256:+SHA384:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256
Cipher suites for %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-KX-ALL:-CIPHER-ALL:-MAC-ALL:-CURVE-ALL:-SIGN-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+SHA256:+SHA384:+AEAD:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256
TLS_ECDHE_RSA_AES_256_CBC_SHA384                  0xc0, 0x28 TLS1.2
TLS_ECDHE_RSA_AES_256_CBC_SHA384                  0xc0, 0x28 TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA256                  0xc0, 0x27 TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA256                  0xc0, 0x27 TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384                  0xc0, 0x30 TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256                  0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305                  0xcc, 0xa8 TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384                0xc0, 0x24 TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384                0xc0, 0x24 TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256                0xc0, 0x23 TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256                0xc0, 0x23 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                0xc0, 0x2c TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256                0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305                0xcc, 0xa9 TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256                    0x00, 0x6a TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256                    0x00, 0x6a TLS1.2
TLS_DHE_DSS_AES_128_CBC_SHA256                    0x00, 0x40 TLS1.2
TLS_DHE_DSS_AES_128_CBC_SHA256                    0x00, 0x40 TLS1.2
TLS_DHE_DSS_AES_256_GCM_SHA384                    0x00, 0xa3 TLS1.2
TLS_DHE_DSS_AES_128_GCM_SHA256                    0x00, 0xa2 TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                    0x00, 0x6b TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                    0x00, 0x6b TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA256                    0x00, 0x67 TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA256                    0x00, 0x67 TLS1.2
TLS_DHE_RSA_AES_256_GCM_SHA384                    0x00, 0x9f TLS1.2
TLS_DHE_RSA_AES_128_GCM_SHA256                    0x00, 0x9e TLS1.2
TLS_DHE_RSA_CHACHA20_POLY1305                    0xcc, 0xaa TLS1.2


Certificate types: CTYPE-X.509
Certificate types: CTYPE-X.509
Line 81: Line 93:
Compression: COMP-NULL
Compression: COMP-NULL
Elliptic curves: CURVE-SECP256R1, CURVE-SECP384R1
Elliptic curves: CURVE-SECP256R1, CURVE-SECP384R1
PK-signatures: SIGN-RSA-SHA256, SIGN-ECDSA-SHA256, SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512, SIGN-ECDSA-SHA512, SIGN-RSA-SHA224, SIGN-ECDSA-SHA224, SIGN-RSA-SHA1, SIGN-ECDSA-SHA1
PK-signatures: SIGN-RSA-SHA256
</syntaxhighlight>
</syntaxhighlight>
As you can see it is not all what we would expect, but is faces all what is implemented and can be used with our restrictions in GnuTLS.
As you can see it is not all what we would expect, but is faces all what is implemented and can be used with our restrictions in GnuTLS.
As far as I know: that's it!
As far as I know: that's it!

Revision as of 09:34, 14 February 2022


Match the required ciphers for the German BSI

For example the ciphers that are defined secure for perfect forward secrecy in that document are:

Cipher-Suite IANA-No. Refenrenced Usable until
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC0,0x23 [RFC5289] 2027+
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC0,0x24 [RFC5289] 2027+
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC0,0x2B [RFC5289] 2027+
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC0,0x2C [RFC5289] 2027+
TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0,0xAC [RFC7251] 2027+
TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0,0xAD [RFC7251] 2027+
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC0,0x27 [RFC5289] 2027+
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC0,0x28 [RFC5289] 2027+
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC0,0x2F [RFC5289] 2027+
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC0,0x30 [RFC5289] 2027+
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x00,0x40 [RFC5246] 2027+
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x00,0x6A [RFC5246] 2027+
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00,0xA2 [RFC5288] 2027+
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 0x00,0xA3 [RFC5288] 2027+
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x00,0x67 [RFC5246] 2027+
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x00,0x6B [RFC5246] 2027+
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x00,0x9E [RFC5288] 2027+
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x00,0x9F [RFC5288] 2027+
TLS_DHE_RSA_WITH_AES_128_CCM 0xC0,0x9E [RFC6655] 2027+
TLS_DHE_RSA_WITH_AES_256_CCM 0xC0,0x9F [RFC6655] 2027+

The key to the table is: TLS_(key exchange algorithms)_WITH_(ciphers)_(hash algorithms)

So to build a definition for GnuTLS that matches this requirements is:

  1. Some basic security settings: %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS
  2. Disable defaults, enable only TLSv1.2: -VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL
  3. Set the key exchange algorithms: +ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA
  4. Set the ciphers: +AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305(used by google mail, so I needed it as well)
  5. Set the hash algorithms: +SHA256:+SHA384:+AEAD (The +AEAD is something that is not directly seen be the list above

, but you need it for GCM)

  1. Set the wanted curves from the document above: +CURVE-SECP256R1:+CURVE-SECP384R1
  2. Set the signature algorithm used in your certificate: +SIGN-RSA-SHA256 for me

And now put ist all together and let us see what happens:

$ gnutls-cli --list CIPHER --priority '%SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-KX-ALL:-CIPHER-ALL:-MAC-ALL:-CURVE-ALL:-SIGN-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+SHA256:+SHA384:+AEAD:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256'
Cipher suites for %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-KX-ALL:-CIPHER-ALL:-MAC-ALL:-CURVE-ALL:-SIGN-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+SHA256:+SHA384:+AEAD:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256
TLS_ECDHE_RSA_AES_256_CBC_SHA384                  	0xc0, 0x28	TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA256                  	0xc0, 0x27	TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384                  	0xc0, 0x30	TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256                  	0xc0, 0x2f	TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305                   	0xcc, 0xa8	TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384                	0xc0, 0x24	TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256                	0xc0, 0x23	TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                	0xc0, 0x2c	TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256                	0xc0, 0x2b	TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305                 	0xcc, 0xa9	TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256                    	0x00, 0x6a	TLS1.2
TLS_DHE_DSS_AES_128_CBC_SHA256                    	0x00, 0x40	TLS1.2
TLS_DHE_DSS_AES_256_GCM_SHA384                    	0x00, 0xa3	TLS1.2
TLS_DHE_DSS_AES_128_GCM_SHA256                    	0x00, 0xa2	TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256                    	0x00, 0x6b	TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA256                    	0x00, 0x67	TLS1.2
TLS_DHE_RSA_AES_256_GCM_SHA384                    	0x00, 0x9f	TLS1.2
TLS_DHE_RSA_AES_128_GCM_SHA256                    	0x00, 0x9e	TLS1.2
TLS_DHE_RSA_CHACHA20_POLY1305                     	0xcc, 0xaa	TLS1.2

Certificate types: CTYPE-X.509
Protocols: VERS-TLS1.2
Compression: COMP-NULL
Elliptic curves: CURVE-SECP256R1, CURVE-SECP384R1
PK-signatures: SIGN-RSA-SHA256

As you can see it is not all what we would expect, but is faces all what is implemented and can be used with our restrictions in GnuTLS. As far as I know: that's it!