On Thu, Oct 08, 2015 at 12:47:21AM +0000, Moonchild via RT wrote:
> Hello people,
>
> An enhancement request here for OpenSSL to add support for Camellia in GCM
> with ECC key exchange.
>
> Rationale:
> Camellia has been recognized as a modern and supported cipher by ENISA,
> NESSIE, CRYPTREC, ISO and IETF among others so should be supported
> long-term. OpenSSL currently only supports the (rather expensive) DHE/RSA
> CBC+IV versions of the suite, and should be updated with the ECC and GCM
> modes of operation.
>
> It's important to have at least one cipher coming from non-US expert bodies
> that is maintained to the same level as AES currently is, and OpenSSL seems
> to be trailing behind in that respect. I would request addition of at least
> the following:
>
> TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086)
> TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a)
> And possibly their 256-bit counterparts

Patches for this are available at [0], however there has been some
resistance to adding the new TLS cipher suites to OpenSSL (see [1]), so
the discussion has stalled.

> These suites are already supported in e.g. GNUTLS, Botan and PolarSSL, iiuc.
> Firefox will also be adding the GCM versions of Camellia to NSS

Do you have a source for the news above? IIRC Firefox used to support
Camellia, but dropped it in v37 or so.

Cheers

[0] https://github.com/openssl/openssl/pull/374
[1] https://rt.openssl.org/Ticket/Display.html?id=4017
