Appendix E. GnuTLS priority strings

Table of Contents

E.1. Standard configuration
E.1.1. Cipher suites
E.1.2. Certificate types
E.1.3. Protocols
E.1.4. Compression
E.1.5. Elliptic curves
E.1.6. PK-signatures
E.2. Available algorithms
E.2.1. Cipher suites
E.2.2. Certificate types
E.2.3. Protocols
E.2.4. Ciphers
E.2.5. MACs
E.2.6. Digests
E.2.7. Key exchange algorithms
E.2.8. Compression
E.2.9. Elliptic curves
E.2.10. Public Key Systems
E.2.11. PK-signatures

ThinLinc uses priority strings to let the administrator choose which algorithms GnuTLS makes available, and in what order of preference, for services that use tlstunnel. A priority string is a colon-delimited list of items, each of which is either a keyword (a group of algorithms) or an individual algorithm that is enabled or disabled.

For more information, see the GnuTLS documentation about priority strings.

E.1. Standard configuration

ThinLinc comes configured with the priority string "NORMAL:-VERS-SSL3.0", which means the standard, secure GnuTLS algorithms with the exception of SSL 3.0. The lists below show which algorithms are available with that priority string, and in what order.

E.1.1. Cipher suites

TLS_ECDHE_ECDSA_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384
TLS_ECDHE_ECDSA_CHACHA20_POLY1305
TLS_ECDHE_ECDSA_AES_256_CCM
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256
TLS_ECDHE_ECDSA_AES_128_CCM
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256
TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1
TLS_ECDHE_RSA_AES_256_GCM_SHA384
TLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384
TLS_ECDHE_RSA_CHACHA20_POLY1305
TLS_ECDHE_RSA_AES_256_CBC_SHA1
TLS_ECDHE_RSA_AES_256_CBC_SHA384
TLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_RSA_AES_128_GCM_SHA256
TLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256
TLS_ECDHE_RSA_AES_128_CBC_SHA1
TLS_ECDHE_RSA_AES_128_CBC_SHA256
TLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256
TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1
TLS_RSA_AES_256_GCM_SHA384
TLS_RSA_CAMELLIA_256_GCM_SHA384
TLS_RSA_AES_256_CCM
TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA256
TLS_RSA_CAMELLIA_256_CBC_SHA1
TLS_RSA_CAMELLIA_256_CBC_SHA256
TLS_RSA_AES_128_GCM_SHA256
TLS_RSA_CAMELLIA_128_GCM_SHA256
TLS_RSA_AES_128_CCM
TLS_RSA_AES_128_CBC_SHA1
TLS_RSA_AES_128_CBC_SHA256
TLS_RSA_CAMELLIA_128_CBC_SHA1
TLS_RSA_CAMELLIA_128_CBC_SHA256
TLS_RSA_3DES_EDE_CBC_SHA1
TLS_DHE_RSA_AES_256_GCM_SHA384
TLS_DHE_RSA_CAMELLIA_256_GCM_SHA384
TLS_DHE_RSA_CHACHA20_POLY1305
TLS_DHE_RSA_AES_256_CCM
TLS_DHE_RSA_AES_256_CBC_SHA1
TLS_DHE_RSA_AES_256_CBC_SHA256
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
TLS_DHE_RSA_CAMELLIA_256_CBC_SHA256
TLS_DHE_RSA_AES_128_GCM_SHA256
TLS_DHE_RSA_CAMELLIA_128_GCM_SHA256
TLS_DHE_RSA_AES_128_CCM
TLS_DHE_RSA_AES_128_CBC_SHA1
TLS_DHE_RSA_AES_128_CBC_SHA256
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
TLS_DHE_RSA_CAMELLIA_128_CBC_SHA256
TLS_DHE_RSA_3DES_EDE_CBC_SHA1
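
Added example (not part of the ThinLinc documentation): a simplified Python model of how "-ALGO" items in a priority string remove cipher suites from the list above, run on a constructed subset of that list. It handles only key exchange, cipher and MAC removals; the function names and the stricter priority string are assumptions chosen for illustration, not ThinLinc recommendations.

```python
# Simplified model of "-ALGO" removals; this is not GnuTLS's own parser.
# Constructed sample: a subset of the E.1.1 suites for "NORMAL:-VERS-SSL3.0".
SUITES = [
    "TLS_ECDHE_ECDSA_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_AES_128_CBC_SHA1",
    "TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1",
    "TLS_RSA_AES_256_GCM_SHA384",
    "TLS_RSA_AES_128_CCM",
    "TLS_DHE_RSA_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_3DES_EDE_CBC_SHA1",
]
KX = ("ECDHE_ECDSA", "ECDHE_RSA", "DHE_RSA", "RSA")
AEAD = ("GCM", "CCM", "POLY1305")

def parse_suite(name):
    """Return (kx, cipher, mac) using priority-string algorithm names."""
    body = name[len("TLS_"):]
    kx = next(k for k in KX if body.startswith(k + "_"))
    parts = body[len(kx) + 1:].split("_")
    if any(p in AEAD for p in parts):
        mac = "AEAD"
        if parts[-1].startswith("SHA"):  # trailing hash is the PRF, not a MAC
            parts = parts[:-1]
    else:
        mac = parts.pop()
    cipher = "-".join(parts).replace("3DES-EDE", "3DES")
    return kx.replace("_", "-"), cipher, mac

def surviving(priority, suites=SUITES):
    """Drop every suite that uses an algorithm removed with "-ALGO"."""
    removed = {item[1:] for item in priority.split(":") if item.startswith("-")}
    return [s for s in suites if not removed & set(parse_suite(s))]

def findings(suites):
    """Map each suite to the reasons a reviewer might want it disabled."""
    out = {}
    for s in suites:
        kx, cipher, mac = parse_suite(s)
        checks = ((kx == "RSA", "no forward secrecy"),
                  (cipher == "3DES-CBC", "64-bit block cipher"),
                  (mac == "SHA1", "CBC with HMAC-SHA1"))
        notes = [msg for hit, msg in checks if hit]
        if notes:
            out[s] = notes
    return out

if __name__ == "__main__":
    strict = "NORMAL:-VERS-SSL3.0:-3DES-CBC:-RSA:-SHA1"  # illustrative only
    print(findings(SUITES))
    print(surviving(strict))
```

GnuTLS itself remains the authority on what a string enables: `gnutls-cli --list --priority "<string>"` prints the result for the installed library version.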

E.1.2. Certificate types

 CTYPE-X.509

E.1.3. Protocols

 VERS-TLS1.2
 VERS-TLS1.1
 VERS-TLS1.0
 VERS-DTLS1.2
 VERS-DTLS1.0

E.1.4. Compression

 COMP-NULL

E.1.5. Elliptic curves

 CURVE-SECP256R1
 CURVE-SECP384R1
 CURVE-SECP521R1
 CURVE-SECP224R1
 CURVE-SECP192R1

E.1.6. PK-signatures

 SIGN-RSA-SHA256
 SIGN-ECDSA-SHA256
 SIGN-RSA-SHA384
 SIGN-ECDSA-SHA384
 SIGN-RSA-SHA512
 SIGN-ECDSA-SHA512
 SIGN-RSA-SHA224
 SIGN-ECDSA-SHA224
 SIGN-RSA-SHA1
 SIGN-ECDSA-SHA1