Appendix D.  GnuTLS priority strings

Table of Contents

D.1. Standard configuration
D.1.1. Cipher suites
D.1.2. Protocols
D.1.3. Ciphers
D.1.4. MACs
D.1.5. Key Exchange Algorithms
D.1.6. Groups
D.1.7. PK-signatures
D.2. Available algorithms
D.2.1. Cipher suites
D.2.2. Certificate types
D.2.3. Protocols
D.2.4. Ciphers
D.2.5. MACs
D.2.6. Digests
D.2.7. Key exchange algorithms
D.2.8. Compression
D.2.9. Groups
D.2.10. Public Key Systems
D.2.11. PK-signatures

ThinLinc uses priority strings to let the administrator select which algorithms GnuTLS makes available, and in what order of preference, for services that use tlstunnel. A priority string is a colon-delimited list whose entries are either keywords (groups of algorithms) or individual algorithms, which can be enabled or disabled one at a time.

For more information, see the GnuTLS documentation about priority strings.
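The following is an added example, not code from ThinLinc or GnuTLS: a simplified Python model of how `+`, `-` and `!` modifiers change the NORMAL protocol, cipher, MAC and key-exchange lists given in section D.1, used to audit a priority string against a site policy. The `LEGACY` policy list, the `HARDENED` string and the function names are assumptions made for illustration; the model covers only the NORMAL keyword and those four categories.

```python
# Added example: a simplified model of GnuTLS priority-string modifiers.
# The baseline lists are copied from section D.1 (NORMAL) of this appendix.
NORMAL = {
    "protocols": ["VERS-TLS1.3", "VERS-TLS1.2", "VERS-TLS1.1", "VERS-TLS1.0",
                  "VERS-DTLS1.2", "VERS-DTLS1.0"],
    "ciphers": ["AES-256-GCM", "CHACHA20-POLY1305", "AES-256-CCM",
                "AES-256-CBC", "AES-128-GCM", "AES-128-CCM", "AES-128-CBC"],
    "macs": ["SHA1", "AEAD"],
    "kx": ["ECDHE-ECDSA", "ECDHE-RSA", "RSA", "DHE-RSA"],
}

# Assumption: a site policy that treats these NORMAL entries as legacy.
LEGACY = ["VERS-TLS1.1", "VERS-TLS1.0", "VERS-DTLS1.0",
          "AES-256-CBC", "AES-128-CBC", "SHA1", "RSA"]


def apply_priority(priority):
    """Return the algorithms left enabled, per category, in preference order."""
    keyword, *modifiers = priority.split(":")
    if keyword != "NORMAL":
        raise ValueError("this model only covers the NORMAL keyword")
    enabled = {cat: list(names) for cat, names in NORMAL.items()}
    for mod in modifiers:
        op, name = mod[:1], mod[1:]
        cat = next((c for c, names in NORMAL.items() if name in names), None)
        if op not in ("+", "-", "!") or cat is None:
            raise ValueError(f"unsupported modifier: {mod!r}")
        if op == "+":
            if name not in enabled[cat]:
                enabled[cat].append(name)   # appended last in this model
        elif name in enabled[cat]:
            enabled[cat].remove(name)       # "-" and "!" both disable
    return enabled


def legacy_remaining(priority):
    """List LEGACY algorithms that the priority string still leaves enabled."""
    enabled = apply_priority(priority)
    still_on = {name for names in enabled.values() for name in names}
    return [name for name in LEGACY if name in still_on]


# Constructed sample string: NORMAL with every LEGACY entry disabled.
HARDENED = ("NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0"
            ":-AES-256-CBC:-AES-128-CBC:-SHA1:-RSA")

if __name__ == "__main__":
    print("NORMAL   ->", legacy_remaining("NORMAL"))
    print("HARDENED ->", legacy_remaining(HARDENED))
```

On a host with the GnuTLS command-line tools installed, `gnutls-cli --list --priority '<string>'` prints what the library itself resolves for a given string, which is the authoritative check before deploying a change.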

D.1.  Standard configuration

ThinLinc comes configured with the priority string "NORMAL", which means the standard, secure GnuTLS algorithms. The lists below show which algorithms that priority string makes available, in order of preference.

D.1.1. Cipher suites

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_SHA256
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_CHACHA20_POLY1305
TLS_ECDHE_ECDSA_AES_256_CCM
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_AES_128_CCM
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
TLS_ECDHE_RSA_AES_256_GCM_SHA384
TLS_ECDHE_RSA_CHACHA20_POLY1305
TLS_ECDHE_RSA_AES_256_CBC_SHA1
TLS_ECDHE_RSA_AES_128_GCM_SHA256
TLS_ECDHE_RSA_AES_128_CBC_SHA1
TLS_RSA_AES_256_GCM_SHA384
TLS_RSA_AES_256_CCM
TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_128_GCM_SHA256
TLS_RSA_AES_128_CCM
TLS_RSA_AES_128_CBC_SHA1
TLS_DHE_RSA_AES_256_GCM_SHA384
TLS_DHE_RSA_CHACHA20_POLY1305
TLS_DHE_RSA_AES_256_CCM
TLS_DHE_RSA_AES_256_CBC_SHA1
TLS_DHE_RSA_AES_128_GCM_SHA256
TLS_DHE_RSA_AES_128_CCM
TLS_DHE_RSA_AES_128_CBC_SHA1

D.1.2. Protocols

 VERS-TLS1.3
 VERS-TLS1.2
 VERS-TLS1.1
 VERS-TLS1.0
 VERS-DTLS1.2
 VERS-DTLS1.0

D.1.3. Ciphers

 AES-256-GCM
 CHACHA20-POLY1305
 AES-256-CCM
 AES-256-CBC
 AES-128-GCM
 AES-128-CCM
 AES-128-CBC

D.1.4. MACs

 SHA1
 AEAD

D.1.5. Key Exchange Algorithms

 ECDHE-ECDSA
 ECDHE-RSA
 RSA
 DHE-RSA

D.1.6. Groups

 GROUP-SECP256R1
 GROUP-SECP384R1
 GROUP-SECP521R1
 GROUP-X25519
 GROUP-FFDHE2048
 GROUP-FFDHE3072
 GROUP-FFDHE4096
 GROUP-FFDHE6144
 GROUP-FFDHE8192

D.1.7. PK-signatures

 SIGN-RSA-SHA256
 SIGN-RSA-PSS-SHA256
 SIGN-RSA-PSS-RSAE-SHA256
 SIGN-ECDSA-SHA256
 SIGN-ECDSA-SECP256R1-SHA256
 SIGN-EdDSA-Ed25519
 SIGN-RSA-SHA384
 SIGN-RSA-PSS-SHA384
 SIGN-RSA-PSS-RSAE-SHA384
 SIGN-ECDSA-SHA384
 SIGN-ECDSA-SECP384R1-SHA384
 SIGN-RSA-SHA512
 SIGN-RSA-PSS-SHA512
 SIGN-RSA-PSS-RSAE-SHA512
 SIGN-ECDSA-SHA512
 SIGN-ECDSA-SECP521R1-SHA512
 SIGN-RSA-SHA1
 SIGN-ECDSA-SHA1