On Fri, Mar 4, 2016 at 11:00 PM Viktor Dukhovni
wrote:
>
> > On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote:
> >
> > I've updated the pull to do a much more substantial cleanup.
>
> What will @STRENGTH mean in this context? Will ignore
> the
> Browsers have largely decided to implement GCM-modes only with AES128.
> Chrome is now about to change that. Not sure if other browsers will
> follow.
>
> Right now if you configure a server with openssl's cipher suite
> ordering it is likely that a connection will happen with AES256 in CBC
>
> On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote:
>
> I've updated the pull to do a much more substantial cleanup.
What will @STRENGTH mean in this context? Will ignore
the distinction between AES256 and AES128? What does this
do to the @SECLEVEL interface which tries to
I've updated the pull to do a much more substantial cleanup.
On Thu, Mar 3, 2016 at 6:16 PM Emilia Käsper wrote:
> Hm, I think that I actually agree. But David's done enough, so I'll have a
> look myself.
>
> On Thu, Mar 3, 2016 at 5:33 PM Blumenthal, Uri - 0553 - MITLL <
>
Hm, I think that I actually agree. But David's done enough, so I'll have a
look myself.
On Thu, Mar 3, 2016 at 5:33 PM Blumenthal, Uri - 0553 - MITLL <
u...@ll.mit.edu> wrote:
> On 3/3/16, 11:30 , "openssl-dev on behalf of Hanno Böck"
>
On 3/3/16, 11:30 , "openssl-dev on behalf of Hanno Böck"
wrote:
>On Thu, 03 Mar 2016 16:18:57 + Emilia Käsper
>wrote:
>>https://github.com/openssl/openssl/pull/783
>
>This is different from what I had in mind.
On Thu, 03 Mar 2016 16:18:57 +
Emilia Käsper wrote:
> https://github.com/openssl/openssl/pull/783
This is different from what I had in mind.
What this patch does is sort e.g. chacha/poly and aes256-gcm before
aes256-cbc. It does however not sort aes128-gcm before
From: Hanno Böck
> Sent: Thursday, March 3, 2016 07:28
> To: openssl-dev@openssl.org
> Reply To: openssl-dev@openssl.org
> Subject: [openssl-dev] cipher order
>
> Hi,
>
> Last year I proposed to change the ciphering order in OpenSSL to always
> prefer AEA
+1
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Hanno Böck
Sent: Thursday, March 3, 2016 07:28
To: openssl-dev@openssl.org
Reply To: openssl-dev@openssl.org
Subject: [openssl-dev] cipher order
Hi,
Last year I proposed to change
Hi,
Last year I proposed to change the ciphering order in OpenSSL to always
prefer AEAD cipher suites before CBC/HMAC-based ones:
https://mta.openssl.org/pipermail/openssl-dev/2015-January/000421.html
I just checked openssl 1.1.0 alpha and it still orders ciphers in an
imho problematic way.
10 matches
Mail list logo