On Tue, 16 Dec 2014 15:14:13 +0100 Hubert Kario <hka...@redhat.com> wrote:
> No, this is problem with OpenSSL cipher order - it prefers key size > over other factors - it should prefer AEAD and PFS ciphers before > ordering on key size, doubly so that in practice you can't get > anywhere near 256 bit level of security using TLS. Agreed, this is one of the things I think that should happen. I got a reply on the chromium list that this is already so in boringssl. Code is in ssl/ssl_ciph.c If there is consensus that this should be ported I would try to isolate the neccessary patches from boringssl and submit them. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
pgpOzx88GMmMN.pgp
Description: OpenPGP digital signature
_______________________________________________ openssl-dev mailing list openssl-dev@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
