Re: [openssl-dev] cipher order

2016-03-04 Thread Emilia Käsper
On Fri, Mar 4, 2016 at 11:00 PM Viktor Dukhovni wrote: > > > On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote: > > > > I've updated the pull to do a much more substantial cleanup. > > What will @STRENGTH mean in this context? Will ignore > the

Re: [openssl-dev] cipher order

2016-03-04 Thread Jeffrey Walton
> Browsers have largely decided to implement GCM-modes only with AES128. > Chrome is now about to change that. Not sure if other browsers will > follow. > > Right now if you configure a server with openssl's cipher suite > ordering it is likely that a connection will happen with AES256 in CBC >

Re: [openssl-dev] cipher order

2016-03-04 Thread Viktor Dukhovni
> On Mar 4, 2016, at 3:57 PM, Emilia Käsper wrote: > > I've updated the pull to do a much more substantial cleanup. What will @STRENGTH mean in this context? Will ignore the distinction between AES256 and AES128? What does this do to the @SECLEVEL interface which tries to

Re: [openssl-dev] cipher order

2016-03-04 Thread Emilia Käsper
I've updated the pull to do a much more substantial cleanup. On Thu, Mar 3, 2016 at 6:16 PM Emilia Käsper wrote: > Hm, I think that I actually agree. But David's done enough, so I'll have a > look myself. > > On Thu, Mar 3, 2016 at 5:33 PM Blumenthal, Uri - 0553 - MITLL < >

Re: [openssl-dev] cipher order

2016-03-03 Thread Emilia Käsper
Hm, I think that I actually agree. But David's done enough, so I'll have a look myself. On Thu, Mar 3, 2016 at 5:33 PM Blumenthal, Uri - 0553 - MITLL < u...@ll.mit.edu> wrote: > On 3/3/16, 11:30 , "openssl-dev on behalf of Hanno Böck" >

Re: [openssl-dev] cipher order

2016-03-03 Thread Blumenthal, Uri - 0553 - MITLL
On 3/3/16, 11:30 , "openssl-dev on behalf of Hanno Böck" wrote: >On Thu, 03 Mar 2016 16:18:57 + Emilia Käsper >wrote: >>https://github.com/openssl/openssl/pull/783 > >This is different from what I had in mind.

Re: [openssl-dev] cipher order

2016-03-03 Thread Hanno Böck
On Thu, 03 Mar 2016 16:18:57 + Emilia Käsper wrote: > https://github.com/openssl/openssl/pull/783 This is different from what I had in mind. What this patch does is sort e.g. chacha/poly and aes256-gcm before aes256-cbc. It does however not sort aes128-gcm before

Re: [openssl-dev] cipher order

2016-03-03 Thread Emilia Käsper
From: Hanno Böck > Sent: Thursday, March 3, 2016 07:28 > To: openssl-dev@openssl.org > Reply To: openssl-dev@openssl.org > Subject: [openssl-dev] cipher order > > Hi, > > Last year I proposed to change the ciphering order in OpenSSL to always > prefer AEA

Re: [openssl-dev] cipher order

2016-03-03 Thread Blumenthal, Uri - 0553 - MITLL
+1 Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.   Original Message   From: Hanno Böck Sent: Thursday, March 3, 2016 07:28 To: openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Subject: [openssl-dev] cipher order Hi, Last year I proposed to change

[openssl-dev] cipher order

2016-03-03 Thread Hanno Böck
Hi, Last year I proposed to change the ciphering order in OpenSSL to always prefer AEAD cipher suites before CBC/HMAC-based ones: https://mta.openssl.org/pipermail/openssl-dev/2015-January/000421.html I just checked openssl 1.1.0 alpha and it still orders ciphers in an imho problematic way.