# HG changeset patch
# User Christian Klinger
# Date 1478473338 -3600
# Node ID 36f66e94771dd39e8948ba1023e5ca0677655840
# Parent 92ad1c92bcf93310bf59447dd581cac37af87adb
SSL: switch from AES128 to AES256 for TLS Session Tickets.
OpenSSL switched from AES128 to AES256 for de-/encryption of sessi
Hi,
On Sun, Nov 06, 2016 at 03:19:36AM -0800, Piotr Sikora wrote:
> ...and while we're breaking backward-compatibility, we should also
> change the order in which values are read from files to match what
> OpenSSL, BoringSSL & Apache are doing, [...]
Done.
(See follow-up message)
Best regards,
C
# HG changeset patch
# User Christian Klinger
# Date 1478468739 -3600
# Node ID 9cfbbce1ec24a31c29ea2f20cb21e32e5173bc60
# Parent 92ad1c92bcf93310bf59447dd581cac37af87adb
Follow OpenSSL's switch from AES128 to AES256 for session tickets
OpenSSL switched from AES128 to AES256 for de-/encryption o
Hi,
On Sat, Nov 05, 2016 at 07:07:23PM -0700, Piotr Sikora wrote:
> Also, considering that recent versions of OpenSSL use AES256 by
> default (i.e. when keys are not provided using
> "ssl_session_ticket_key" directive), we shouldn't provide a way lower
> the security of Session Tickets.
If backwa
# HG changeset patch
# User Christian Klinger
# Date 1478383992 -3600
# Node ID 5719a734584d23a6bcd22a3e59dd36138d06b803
# Parent 92ad1c92bcf93310bf59447dd581cac37af87adb
Follow OpenSSL's switch from AES128 to AES256 for session tickets
OpenSSL switched from AES128 to AES256 for de-/encryption o
