On Tue, Dec 16, 2014 at 06:56:14PM +0000, Viktor Dukhovni wrote:
> And the browsers should implement SHA-384, and why the hell are we
> using SHA-384 with AES256-GCM instead of SHA-256 anyway? Surely
> the SHA256 HMAC construction has adequate strength in this context?

With GCM the collision resistance is important and SHA-256 only provides a 128-bit strength for that.

Kurt

_______________________________________________
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev