On Tue, Dec 16, 2014 at 06:15:19PM +0100, Hanno B?ck wrote:
> On Tue, 16 Dec 2014 17:11:34 +0100
> Hubert Kario <hka...@redhat.com> wrote:
>
> > they don't differ...
>
> oh sorry, must've pasted the wrong string.
>
> But please ignore my first patch, I don't think this is optimal. I'll
> do another one later.
>
> What I think is a sane approach is to leave the current code mostly as
> it is, just add one further sorting step that will bring GCM ciphers in
> front of non-gcm ones.
> I think that should give the desired result.
We don't need such a "sorting step". If you want "@STRENGTH" to
put AEAD first, then adjust the strength ratings.
We could define a few functions of (algorithm, keylength, mode)
that return an effective strength. Some new keywords would choose
an alternative effective strength function. There should be one
(stable) sorting pass, and no after-the-fact reordering.
--
Viktor.
_______________________________________________
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
