GNUTLS: Difference between revisions
From Lolly's Wiki
Jump to navigationJump to search
| Line 6: | Line 6: | ||
For example the ciphers that are defined secure for perfect forward secrecy in that document are: | For example the ciphers that are defined secure for perfect forward secrecy in that document are: | ||
{| class="wikitable" | {| class="wikitable" | ||
| Cipher-Suite | |- | ||
! scope="col"| Cipher-Suite | |||
! scope="col"| IANA-No. | |||
! scope="col"| Refenrenced | |||
! scope="col"| Usable until | |||
|- | |- | ||
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 || 0xC0,0x23 || [RFC5289] || 2027+ | | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 || 0xC0,0x23 || [RFC5289] || 2027+ | ||
Revision as of 20:29, 9 February 2022
Match the required ciphers for the German BSI
For example the ciphers that are defined secure for perfect forward secrecy in that document are:
| Cipher-Suite | IANA-No. | Refenrenced | Usable until |
|---|---|---|---|
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | 0xC0,0x23 | [RFC5289] | 2027+ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | 0xC0,0x24 | [RFC5289] | 2027+ |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 0xC0,0x2B | [RFC5289] | 2027+ |
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | 0xC0,0x2C | [RFC5289] | 2027+ |
| TLS_ECDHE_ECDSA_WITH_AES_128_CCM | 0xC0,0xAC | [RFC7251] | 2027+ |
| TLS_ECDHE_ECDSA_WITH_AES_256_CCM | 0xC0,0xAD | [RFC7251] | 2027+ |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | 0xC0,0x27 | [RFC5289] | 2027+ |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | 0xC0,0x28 | [RFC5289] | 2027+ |
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 0xC0,0x2F | [RFC5289] | 2027+ |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | 0xC0,0x30 | [RFC5289] | 2027+ |
| TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | 0x00,0x40 | [RFC5246] | 2027+ |
| TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | 0x00,0x6A | [RFC5246] | 2027+ |
| TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | 0x00,0xA2 | [RFC5288] | 2027+ |
| TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | 0x00,0xA3 | [RFC5288] | 2027+ |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | 0x00,0x67 | [RFC5246] | 2027+ |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | 0x00,0x6B | [RFC5246] | 2027+ |
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | 0x00,0x9E | [RFC5288] | 2027+ |
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | 0x00,0x9F | [RFC5288] | 2027+ |
| TLS_DHE_RSA_WITH_AES_128_CCM | 0xC0,0x9E | [RFC6655] | 2027+ |
| TLS_DHE_RSA_WITH_AES_256_CCM | 0xC0,0x9F | [RFC6655] | 2027+ |
The key to the table is: TLS_(key exchange algorithms)_WITH_(ciphers)_(hash algorithms)
So to build a definition for GnuTLS that matches this requirements is:
- Some basic security settings: %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS
- Disable defaults, enable only TLSv1.2: -VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL
- Set the key exchange algorithms: +ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA
- Set the ciphers: +AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM
- Set the hash algorithms: +SHA256:+SHA384
- Set the wanted curves from the document above: +CURVE-SECP256R1:+CURVE-SECP384R1
- Set the signature algorithm used in your certificate: +SIGN-RSA-SHA256
And now put ist all together and let us see what happens:
$ gnutls-cli --list CIPHER --priority '%SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+SHA256:+SHA384:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256'
Cipher suites for %SERVER_PRECEDENCE:%LATEST_RECORD_VERSION:PFS:-VERS-TLS-ALL:+VERS-TLS1.2:-VERS-DTLS-ALL:-CIPHER-ALL:-KX-ALL:-MAC-ALL:-CURVE-ALL:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+AES-256-GCM:+AES-128-GCM:+SHA256:+SHA384:+CURVE-SECP256R1:+CURVE-SECP384R1:+SIGN-RSA-SHA256
TLS_ECDHE_RSA_AES_256_CBC_SHA384 0xc0, 0x28 TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA256 0xc0, 0x27 TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 0xc0, 0x23 TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
TLS_DHE_DSS_AES_128_CBC_SHA256 0x00, 0x40 TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.2
Certificate types: CTYPE-X.509
Protocols: VERS-TLS1.2
Compression: COMP-NULL
Elliptic curves: CURVE-SECP256R1, CURVE-SECP384R1
PK-signatures: SIGN-RSA-SHA256, SIGN-ECDSA-SHA256, SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512, SIGN-ECDSA-SHA512, SIGN-RSA-SHA224, SIGN-ECDSA-SHA224, SIGN-RSA-SHA1, SIGN-ECDSA-SHA1
As you can see it is not all what we would expect, but is faces all what is implemented and can be used with our restrictions in GnuTLS. As far as I know: that's it!
