lighty's life

lighty developer blog

GnuTLS Priority Strings

Table of Contents

How they work

The priority string is a list of components separated by colons.
Each component must be prefixed with + for adding it to or - or ! for removing it from the configuration (or the set it represents). Levels can only be set (no prefix) or added (with +). Flags can only be set (all flags have a % prefix). NONE can only be specified as first component (without prefix), it represents an empty configuration. Otherwise it starts with a standard configuration containing no ciphers, key exchanges algorithms and hash algorithms.

The order of ciphers, key exchanges algorithms and hash algorithms matters for the order of the cipher suites; to generate the list it first iterates over key exchange algorithms, then ciphers, and then hash algorithms. New items are always added at the end of a list, so for example -SHA1:+SHA1 moves SHA1 to the end of the hash algorithm list.

The -ALL sets are not always representing the full list, but should at least contain the subset present in the NORMAL level.

Version specific remarks

  • Before GnuTLS 3.2.2 removing an algorithm didn’t preserve the order; instead the removed algorithm was replaced by the last algorithm in the list.
  • The fix to preserve ordering in GnuTLS 3.2.2 introduced another bug: NONE:+MAC-ALL:-SHA1:+SHA1 misses SHA1 and has MD5 twice.
  • Also in tested versions so far (≤ 3.2.2) adding -ALL sets removes all other algorithms in the list; if the -ALL set actually contains all algorithms this only overwrites the order, but NONE:+COMP-DEFLATE:+COMP-ALL has only COMP-NULL and not COMP-DEFLATE. I consider this a bug for now, and therefore this behavior is not reflected on this page.
    Levels can’t be removed, but adding levels actually appends the contained algorithms; NONE:+MD5:+NORMAL actually has MD5 as first hash algorithm.
  • GnuTLS 3.2.5 added a lot of new ciphersuites (many new combinations of already supported algorithms, and suites for the new CAMELLIA-128-GCM + CAMELLIA-256-GCM ciphers)
  • (Not released yet): Camellia-GCM ciphers were added to some levels, GCM ciphers got higher priority (than comparable CBC) in default sets. These changes are already active below.

To actually check what your GnuTLS library is doing you can either run gnutls-cli -l --priority="NORMAL" or download and compile gnutls-priority.c (which can show more internal state).

Test priority strings

Priority String:

Priority configuration

Priority suites