
gnutls: add a strong default priority string

William Woodruff requested to merge woodruffw/vlc:gnutls-strong-default into master

This changes the default priority string from "NORMAL" to one that enables 128+ bit ciphers and only allows TLS 1.2 and 1.3, making it broadly consistent with best practices in the current Web PKI.

This should have little to no compatibility ramifications in practice, since major browsers have not supported TLS 1.0 or TLS 1.1 for several years (Firefox and Chrome both removed support in 2020). Even in 2018, TLS 1.0 and 1.1 were only 0.5% of all HTTPS connections made in Chrome [1].

However, users can retain the previous TLS 1.0 and 1.1 behavior by configuring the "gnutls-priorities" option.

The defaults set by this new priority string can be confirmed by inspecting it with gnutls-cli, e.g.:

gnutls-cli --priority 'SECURE128:+SECURE192:+SECURE256:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3' -l

which yields:

Cipher suites for SECURE128:+SECURE192:+SECURE256:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3
TLS_AES_256_GCM_SHA384                            	0x13, 0x02	TLS1.3
TLS_CHACHA20_POLY1305_SHA256                      	0x13, 0x03	TLS1.3
TLS_AES_128_GCM_SHA256                            	0x13, 0x01	TLS1.3
TLS_AES_128_CCM_SHA256                            	0x13, 0x04	TLS1.3
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                	0xc0, 0x2c	TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305                 	0xcc, 0xa9	TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1                  	0xc0, 0x0a	TLS1.0
TLS_ECDHE_ECDSA_AES_256_CCM                       	0xc0, 0xad	TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256                	0xc0, 0x2b	TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1                  	0xc0, 0x09	TLS1.0
TLS_ECDHE_ECDSA_AES_128_CCM                       	0xc0, 0xac	TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384                  	0xc0, 0x30	TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305                   	0xcc, 0xa8	TLS1.2
TLS_ECDHE_RSA_AES_256_CBC_SHA1                    	0xc0, 0x14	TLS1.0
TLS_ECDHE_RSA_AES_128_GCM_SHA256                  	0xc0, 0x2f	TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA1                    	0xc0, 0x13	TLS1.0
TLS_RSA_AES_256_GCM_SHA384                        	0x00, 0x9d	TLS1.2
TLS_RSA_AES_256_CBC_SHA1                          	0x00, 0x35	TLS1.0
TLS_RSA_AES_256_CCM                               	0xc0, 0x9d	TLS1.2
TLS_RSA_AES_128_GCM_SHA256                        	0x00, 0x9c	TLS1.2
TLS_RSA_AES_128_CBC_SHA1                          	0x00, 0x2f	TLS1.0
TLS_RSA_AES_128_CCM                               	0xc0, 0x9c	TLS1.2
TLS_DHE_RSA_AES_256_GCM_SHA384                    	0x00, 0x9f	TLS1.2
TLS_DHE_RSA_CHACHA20_POLY1305                     	0xcc, 0xaa	TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA1                      	0x00, 0x39	TLS1.0
TLS_DHE_RSA_AES_256_CCM                           	0xc0, 0x9f	TLS1.2
TLS_DHE_RSA_AES_128_GCM_SHA256                    	0x00, 0x9e	TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA1                      	0x00, 0x33	TLS1.0
TLS_DHE_RSA_AES_128_CCM                           	0xc0, 0x9e	TLS1.2

Protocols: VERS-TLS1.2, VERS-TLS1.3
Ciphers: AES-256-GCM, CHACHA20-POLY1305, AES-256-CBC, AES-256-CCM, AES-128-GCM, AES-128-CBC, AES-128-CCM
MACs: SHA1, AEAD
Key Exchange Algorithms: ECDHE-ECDSA, ECDHE-RSA, RSA, DHE-RSA
Groups: GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, GROUP-X448, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, GROUP-FFDHE8192
PK-signatures: SIGN-RSA-SHA256, SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-RSAE-SHA256, SIGN-ECDSA-SHA256, SIGN-ECDSA-SECP256R1-SHA256, SIGN-EdDSA-Ed25519, SIGN-RSA-SHA384, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-RSAE-SHA384, SIGN-ECDSA-SHA384, SIGN-ECDSA-SECP384R1-SHA384, SIGN-EdDSA-Ed448, SIGN-RSA-SHA512, SIGN-RSA-PSS-SHA512, SIGN-RSA-PSS-RSAE-SHA512, SIGN-ECDSA-SHA512, SIGN-ECDSA-SECP521R1-SHA512

Signed-off-by: William Woodruff william@trailofbits.com
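Added example (not code from the MR or from VLC): a small Python model of how GnuTLS evaluates the protocol-version part of a priority string, assuming NORMAL enables TLS 1.0 through 1.3 as the description implies; cipher-level items such as SECURE128 are recorded but not evaluated.

```python
"""Model of GnuTLS priority-string evaluation for protocol versions (constructed)."""
from typing import Dict, List

# Assumed model, not GnuTLS's real tables: every base keyword starts with all
# four TLS versions enabled, most preferred first.
ALL_VERSIONS: List[str] = ["VERS-TLS1.3", "VERS-TLS1.2", "VERS-TLS1.1", "VERS-TLS1.0"]
BASE_KEYWORDS = {"NORMAL", "SECURE128", "SECURE192", "SECURE256"}
LEGACY_VERSIONS = {"VERS-TLS1.0", "VERS-TLS1.1"}

# The string proposed by this MR, copied from the description.
VLC_NEW_DEFAULT = "SECURE128:+SECURE192:+SECURE256:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3"


def resolve_priority(priority: str) -> Dict[str, List[str]]:
    """Walk the colon-separated items left to right and return the enabled versions.

    '+ITEM' appends a version at the end of the preference list, '-ITEM' and
    '!ITEM' remove it, and 'VERS-ALL' is the pseudo-item covering every version.
    Non-version items (cipher strength keywords) are kept verbatim in 'other'.
    """
    items = priority.split(":")
    if items[0] not in BASE_KEYWORDS:
        raise ValueError(f"unknown base keyword: {items[0]}")
    versions = list(ALL_VERSIONS)
    other: List[str] = []
    for item in items[1:]:
        op, name = item[:1], item[1:]
        if op not in ("+", "-", "!"):
            raise ValueError(f"modifier must start with +, - or !: {item!r}")
        if name == "VERS-ALL":
            versions = list(ALL_VERSIONS) if op == "+" else []
        elif name.startswith("VERS-"):
            if name not in ALL_VERSIONS:
                raise ValueError(f"unknown protocol version: {name}")
            if op == "+" and name not in versions:
                versions.append(name)  # re-added versions go to the end, in string order
            elif op != "+" and name in versions:
                versions.remove(name)
        else:
            other.append(item)
    return {"versions": versions, "other": other}


def allows_legacy_tls(resolved: Dict[str, List[str]]) -> bool:
    """True when TLS 1.0 or 1.1 is still negotiable under the resolved priority."""
    return any(v in LEGACY_VERSIONS for v in resolved["versions"])
```

Running resolve_priority on VLC_NEW_DEFAULT reproduces the "Protocols: VERS-TLS1.2, VERS-TLS1.3" line of the gnutls-cli output above; the same output also shows that the version restriction alone still leaves CBC suites with SHA1 MACs enabled.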
