On Wed, Sep 28, 2016 at 9:37 AM, Salz, Rich <rs...@akamai.com> wrote: > On the crypto-library side, boringSSL had equivalence classes so you could > specify that by configuring the CIPHER list. If running in a server, and the > configured ciphers were like "[AES:CHACHA]:3DES:RC4" for example, then either > AES or ChaCha would be picked. I don't know if Google servers use that, but > I'd be a bit surprised if they didn't. > > As for OpenSSL, we need to figure out something. The "ciphers" syntax is > showing its age.
The equal-preference groupings have worked pretty well for us in terms of making the right thing happen and being understandable to non-experts. I certainly agree that the ciphers mini-language could do with some renewal overall. But I think a lot of the need for it is also going away. We've spent years worrying about should we do forward security? Do we put RC4 ahead of AES-CBC because of BEAST / POODLE / etc? What about the poor performance of AES-GCM with Java (for a while)? But since we've now drastically reduced the number of options, and those options are (fingers crossed) less shitty than before, I'd hope that a default would work for the vast majority of TLS 1.3 users. Cheers AGL -- Adam Langley a...@imperialviolet.org https://www.imperialviolet.org _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls