| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
7.8 Priority strings
In order to specify cipher suite preferences on a TLS session there are priority functions that accept a string specifying the enabled for the handshake algorithms. That string may contain a high level keyword such as in Table 7.1 or combination of a high level keyword, additional algorithm keywords and special keywords.
| Keyword | Description |
|---|---|
| PERFORMANCE | All the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance. |
| NORMAL | Means all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin. |
| SECURE128 | Means all "secure" ciphersuites of security level 128-bit or more. |
| SECURE192 | Means all "secure" ciphersuites of security level 192-bit or more. |
| SECURE256 | Currently alias for SECURE192. |
| SUITEB128 | Means all the NSA Suite B cryptography (RFC5430) ciphersuites with an 128 bit security level. |
| SUITEB192 | Means all the NSA Suite B cryptography (RFC5430) ciphersuites with an 192 bit security level. |
| EXPORT | Means all ciphersuites are enabled, including the low-security 40 bit ciphers. |
| NONE | Means nothing is enabled. This disables even protocols and compression methods. It should be followed by the algorithms to be enabled. |
Table 7.1: Supported priority string keywords.
Unless the first keyword is "NONE" the defaults (in preference order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0, SSL3.0; for compression NULL; for certificate types X.509. In key exchange algorithms when in NORMAL or SECURE levels the perfect forward secrecy algorithms take precedence of the other protocols. In all cases all the supported key exchange algorithms are enabled (except for the RSA-EXPORT which is only enabled in EXPORT level). The NONE keyword, if used, must followed by the algorithms to be enabled, and is used to provide the exact list of requested algorithms(15). The order with which every algorithm is specified is significant. Similar algorithms specified before others will take precedence. The individual algorithms are shown in Table 7.2 and special keywords are in Table 7.3. The prefixes for individual algorithms are:
- ’!’ or ’-’
appended with an algorithm will remove this algorithm.
- "+"
appended with an algorithm will add this algorithm.
| Type | Keywords |
|---|---|
| Ciphers | AES-128-CBC, AES-256-CBC, AES-128-GCM, CAMELLIA-128-CBC, CAMELLIA-256-CBC, ARCFOUR-128, 3DES-CBC ARCFOUR-40. Catch all name is CIPHER-ALL which will add all the algorithms from NORMAL priority. |
| Key exchange | RSA, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS, PSK, DHE-PSK, ECDHE-RSA, ANON-ECDH, ANON-DH, RSA-EXPORT. The Catch all name is KX-ALL which will add all the algorithms from NORMAL priority. |
| MAC | MD5, SHA1, SHA256, AEAD (used with GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC-ALL. |
| Compression algorithms | COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL. |
| TLS versions | VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2. Catch all is VERS-TLS-ALL. |
| Signature algorithms | SIGN-RSA-SHA1, SIGN-RSA-SHA224, SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-DSA-SHA1, SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5. Catch all is SIGN-ALL. This is only valid for TLS 1.2 and later. |
| Elliptic curves | CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1, CURVE-SECP521R1. Catch all is CURVE-ALL. |
Table 7.2: The supported algorithm keywords in priority strings.
| Keyword | Description |
|---|---|
| %COMPAT | will enable compatibility mode. It might mean that violations of the protocols are allowed as long as maximum compatibility with problematic clients and servers is achieved. |
| %NO_EXTENSIONS | will prevent the sending of any TLS extensions in client side. Note that TLS 1.2 requires extensions to be used, as well as safe renegotiation thus this option must be used with care. |
| %SERVER_PRECEDENCE | The ciphersuite will be selected according to server priorities and not the client’s. |
| %DISABLE_SAFE_RENEGOTIATION | will disable safe renegotiation completely. Do not use unless you know what you are doing. Testing purposes only. |
| %UNSAFE_RENEGOTIATION | will allow handshakes and re-handshakes without the safe renegotiation extension. Note that for clients this mode is insecure (you may be under attack), and for servers it will allow insecure clients to connect (which could be fooled by an attacker). Do not use unless you know what you are doing and want maximum compatibility. |
| %PARTIAL_RENEGOTIATION | will allow initial handshakes to proceed, but not re-handshakes. This leaves the client vulnerable to attack, and servers will be compatible with non-upgraded clients for initial handshakes. This is currently the default for clients and servers, for compatibility reasons. |
| %SAFE_RENEGOTIATION | will enforce safe renegotiation. Clients and servers will refuse to talk to an insecure peer. Currently this causes interoperability problems, but is required for full protection. |
| %SSL3_RECORD_VERSION | will use SSL3.0 record version in client hello. This is the default. |
| %LATEST_RECORD_VERSION | will use the latest TLS version record version in client hello. |
| %VERIFY_ALLOW_SIGN_RSA_MD5 | will allow RSA-MD5 signatures in certificate chains. |
| %VERIFY_ALLOW_X509_V1_CA_CRT | will allow V1 CAs in chains. |
Table 7.3: Special priority string keywords.
| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
This document was generated on January 4, 2012 using texi2html 5.0.