On Thu, 03 Mar 2016 16:18:57 +0000 Emilia Käsper <emi...@openssl.org> wrote:
> https://github.com/openssl/openssl/pull/783

This is different from what I had in mind. What this patch does is sort e.g. chacha/poly and aes256-gcm before aes256-cbc. It does however not sort aes128-gcm before aes256-cbc. (David Benjamin answered me on the chrome security list that he wanted to avoid arguing about this and chose the less controversial variant.)

I would argue that cbc/hmac is so fragile that it's always preferable to have aead before cbc/hmac. The security difference between 128 and 256 bit aes is imho mostly irrelevant in practice.

The difference between the two approaches may become mostly irrelevant once all major browsers support at least one aead mode with 256 bit, but I'm not sure if that's going to happen any time soon.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
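
The two orderings contrasted in the message above, as an added example that is not part of the original e-mail or of the OpenSSL pull request. It assumes the patch can be modelled as "key size first, AEAD as tie-break", which matches the behaviour the message describes; the suite list and the client offer are constructed samples.

```python
"""Added example: two server-side cipher orderings and what each negotiates."""
from typing import List, NamedTuple, Optional


class Suite(NamedTuple):
    name: str   # OpenSSL cipher-string name
    bits: int   # symmetric key size in bits
    aead: bool  # True for GCM / ChaCha20-Poly1305, False for CBC + HMAC


# Constructed sample list, deliberately unsorted.
SUITES = [
    Suite("ECDHE-RSA-AES256-SHA384", 256, False),
    Suite("ECDHE-RSA-AES128-GCM-SHA256", 128, True),
    Suite("ECDHE-RSA-AES128-SHA256", 128, False),
    Suite("ECDHE-RSA-CHACHA20-POLY1305", 256, True),
    Suite("ECDHE-RSA-AES256-GCM-SHA384", 256, True),
]

# Constructed client offer: its only AEAD suite is 128-bit, the browser
# situation the message refers to.
CLIENT_128_AEAD_ONLY = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES128-SHA256",
]


def strength_then_aead(suites: List[Suite]) -> List[Suite]:
    """Assumed model of the patch as described: key size first, AEAD breaks ties."""
    return sorted(suites, key=lambda s: (-s.bits, not s.aead))


def aead_then_strength(suites: List[Suite]) -> List[Suite]:
    """Ordering argued for in the message: every AEAD suite before any CBC/HMAC suite."""
    return sorted(suites, key=lambda s: (not s.aead, -s.bits))


def negotiate(server_order: List[Suite], client_offer: List[str]) -> Optional[Suite]:
    """Server-preference selection: first server suite the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_order if s.name in offered), None)


if __name__ == "__main__":
    for label, order in (("strength, then AEAD", strength_then_aead),
                         ("AEAD, then strength", aead_then_strength)):
        ranked = order(SUITES)
        print(label, [s.name for s in ranked])
        print("  negotiated:", negotiate(ranked, CLIENT_128_AEAD_ONLY).name)
```

With the strength-first ordering the sample client ends up on a CBC/HMAC suite even though it offered an AEAD one; with AEAD-first it gets AES128-GCM.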