NSS on RHEL5

Updated 22 Dec 2016

Capabilities of NSS (v3.21.3) on RHEL5

This article is part of the Securing Applications Collection

Due to the serious issues with the design of TLS and implementation issues in nss uncovered during the lifetime of RHEL5 you should always use the latest version but at least

nss-3.21.3-2.el5_11

Capabilities

Protocols

TLSv1.2
TLSv1.1
TLSv1
SSLv3
SSLv2

Ciphers

In all current versions of NSS there is no centralised mechanism to provide a preferred cipher list. The result of this is that all applications that utilise NSS for their cipher needs provide their own cipher string parsers. This known shortcoming is something that is looking to be addressed in future releases of NSS.

Suite Name	Cipher Suite	Key Exchange	Auth Algo	Symmetric Cipher	Effective Bits	MAC Algo	Enabled	Class	Export/Domestic	Note
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256	0xc02b	ECDHE	ECDSA	AES-GCM	128	AEAD	Disabled	FIPS	Domestic
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	0xc02f	ECDHE	RSA	AES-GCM	128	AEAD	Disabled	FIPS	Domestic
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xc00a	ECDHE	ECDSA	AES	256	SHA1	Disabled	FIPS	Domestic
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xc009	ECDHE	ECDSA	AES	128	SHA1	Disabled	FIPS	Domestic
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xc013	ECDHE	RSA	AES	128	SHA1	Disabled	FIPS	Domestic
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256	0xc023	ECDHE	ECDSA	AES	128	SHA256	Disabled	FIPS	Domestic
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	0xc027	ECDHE	RSA	AES	128	SHA256	Disabled	FIPS	Domestic
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xc014	ECDHE	RSA	AES	256	SHA1	Disabled	FIPS	Domestic
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xc008	ECDHE	ECDSA	3DES	112	SHA1	Disabled	FIPS	Domestic
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xc012	ECDHE	RSA	3DES	112	SHA1	Disabled	FIPS	Domestic
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xc007	ECDHE	ECDSA	RC4	128	SHA1	Disabled		Domestic
TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xc011	ECDHE	RSA	RC4	128	SHA1	Disabled		Domestic
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256	0x009e	DHE	RSA	AES-GCM	128	AEAD	Enabled	FIPS	Domestic
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256	0x00a2	DHE	DSA	AES-GCM	128	AEAD	Disabled	FIPS	Domestic
TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033	DHE	RSA	AES	128	SHA1	Enabled	FIPS	Domestic
TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032	DHE	DSA	AES	128	SHA1	Enabled	FIPS	Domestic
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256	0x0067	DHE	RSA	AES	128	SHA256	Enabled	FIPS	Domestic
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256	0x0040	DHE	DSA	AES	128	SHA256	Disabled	FIPS	Domestic
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0045	DHE	RSA	CAMELLIA	128	SHA1	Disabled		Domestic
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA	0x0044	DHE	DSA	CAMELLIA	128	SHA1	Disabled		Domestic
TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039	DHE	RSA	AES	256	SHA1	Enabled	FIPS	Domestic
TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038	DHE	DSA	AES	256	SHA1	Enabled	FIPS	Domestic
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256	0x006b	DHE	RSA	AES	256	SHA256	Enabled	FIPS	Domestic
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256	0x006a	DHE	DSA	AES	256	SHA256	Disabled	FIPS	Domestic
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0088	DHE	RSA	CAMELLIA	256	SHA1	Disabled		Domestic
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA	0x0087	DHE	DSA	CAMELLIA	256	SHA1	Disabled		Domestic
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016	DHE	RSA	3DES	112	SHA1	Enabled	FIPS	Domestic
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013	DHE	DSA	3DES	112	SHA1	Enabled	FIPS	Domestic
TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066	DHE	DSA	RC4	128	SHA1	Disabled		Domestic
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xc004	ECDH	ECDSA	AES	128	SHA1	Disabled	FIPS	Domestic
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xc00e	ECDH	RSA	AES	128	SHA1	Disabled	FIPS	Domestic
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xc005	ECDH	ECDSA	AES	256	SHA1	Disabled	FIPS	Domestic
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xc00f	ECDH	RSA	AES	256	SHA1	Disabled	FIPS	Domestic
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xc003	ECDH	ECDSA	3DES	112	SHA1	Disabled	FIPS	Domestic
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xc00d	ECDH	RSA	3DES	112	SHA1	Disabled	FIPS	Domestic
TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xc002	ECDH	ECDSA	RC4	128	SHA1	Disabled		Domestic
TLS_ECDH_RSA_WITH_RC4_128_SHA	0xc00c	ECDH	RSA	RC4	128	SHA1	Disabled		Domestic
TLS_RSA_WITH_AES_128_GCM_SHA256	0x009c	RSA	RSA	AES-GCM	128	AEAD	Enabled	FIPS	Domestic
TLS_RSA_WITH_AES_128_CBC_SHA	0x002f	RSA	RSA	AES	128	SHA1	Enabled	FIPS	Domestic
TLS_RSA_WITH_AES_128_CBC_SHA256	0x003c	RSA	RSA	AES	128	SHA256	Enabled	FIPS	Domestic
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA	0x0041	RSA	RSA	CAMELLIA	128	SHA1	Disabled		Domestic
TLS_RSA_WITH_AES_256_CBC_SHA	0x0035	RSA	RSA	AES	256	SHA1	Enabled	FIPS	Domestic
TLS_RSA_WITH_AES_256_CBC_SHA256	0x003d	RSA	RSA	AES	256	SHA256	Enabled	FIPS	Domestic
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA	0x0084	RSA	RSA	CAMELLIA	256	SHA1	Disabled		Domestic
TLS_RSA_WITH_SEED_CBC_SHA	0x0096	RSA	RSA	SEED	128	SHA1	Disabled	FIPS	Domestic
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xfeff	RSA	RSA	3DES	112	SHA1	Disabled	FIPS	Domestic	nonStandard
TLS_RSA_WITH_3DES_EDE_CBC_SHA	0x000a	RSA	RSA	3DES	112	SHA1	Enabled	FIPS	Domestic
TLS_RSA_WITH_RC4_128_SHA	0x0005	RSA	RSA	RC4	128	SHA1	Enabled		Domestic
TLS_RSA_WITH_RC4_128_MD5	0x0004	RSA	RSA	RC4	128	MD5	Enabled		Domestic
TLS_DHE_RSA_WITH_DES_CBC_SHA	0x0015	DHE	RSA	DES	56	SHA1	Disabled		Domestic
TLS_DHE_DSS_WITH_DES_CBC_SHA	0x0012	DHE	DSA	DES	56	SHA1	Disabled		Domestic
SSL_RSA_FIPS_WITH_DES_CBC_SHA	0xfefe	RSA	RSA	DES	56	SHA1	Disabled		Domestic	nonStandard
TLS_RSA_WITH_DES_CBC_SHA	0x0009	RSA	RSA	DES	56	SHA1	Disabled		Domestic
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064	RSA	RSA	RC4	56	SHA1	Disabled		Export
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062	RSA	RSA	DES	56	SHA1	Disabled		Export
TLS_RSA_EXPORT_WITH_RC4_40_MD5	0x0003	RSA	RSA	RC4	40	MD5	Disabled		Export
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006	RSA	RSA	RC2	40	MD5	Disabled		Export
TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xc006	ECDHE	ECDSA	NULL	0	SHA1	Disabled		Domestic
TLS_ECDHE_RSA_WITH_NULL_SHA	0xc010	ECDHE	RSA	NULL	0	SHA1	Disabled		Domestic
TLS_ECDH_RSA_WITH_NULL_SHA	0xc00b	ECDH	RSA	NULL	0	SHA1	Disabled		Domestic
TLS_ECDH_ECDSA_WITH_NULL_SHA	0xc001	ECDH	ECDSA	NULL	0	SHA1	Disabled		Domestic
TLS_RSA_WITH_NULL_SHA	0x0002	RSA	RSA	NULL	0	SHA1	Disabled		Export
TLS_RSA_WITH_NULL_SHA256	0x003b	RSA	RSA	NULL	0	SHA256	Disabled		Export
TLS_RSA_WITH_NULL_MD5	0x0001	RSA	RSA	NULL	0	MD5	Disabled		Export
SSL_CK_RC4_128_WITH_MD5	0xff01	RSA	RSA	RC4	128	MD5	Enabled	SSL2	Domestic
SSL_CK_RC2_128_CBC_WITH_MD5	0xff03	RSA	RSA	RC2	128	MD5	Enabled	SSL2	Domestic
SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0xff07	RSA	RSA	3DES	112	MD5	Enabled	SSL2	Domestic
SSL_CK_DES_64_CBC_WITH_MD5	0xff06	RSA	RSA	DES	56	MD5	Enabled	SSL2	Domestic
SSL_CK_RC4_128_EXPORT40_WITH_MD5	0xff02	RSA	RSA	RC4	40	MD5	Enabled	SSL2	Export
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0xff04	RSA	RSA	RC2	40	MD5	Enabled	SSL2	Export

Certificates

certificates with RSA keys and SHA-1 or SHA-256 signatures.
certificates with EC keys and DSA or SHA-256 signatures

Hashes

md5 message digest algorithm
sha1 message digest algorithm
sha message digest algorithm
sha224 message digest algorithm
sha256 message digest algorithm
sha384 message digest algorithm
sha512 message digest algorithm

Additional Notes

Product(s)

Red Hat Enterprise Linux

Category

Secure

Components

Tags

security

Article Type

General