[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes

Viktor Dukhovni openssl-users at dukhovni.org
Tue Dec 16 04:53:11 UTC 2014


On Tue, Dec 16, 2014 at 04:23:24AM +0100, Hanno Böck wrote:

> > On Tue, Dec 16, 2014 at 02:18:40AM +0100, Hanno Böck wrote:
> > 
> > > Firefox and Chrome support authenticated encryption via TLS 1.2 and
> > > GCM these days. However they have for some reason decided not to
> > > support AES-256 but only AES-128.
> > 
> > In which case, they will never use AES-256, and yet:
> 
> No, you understood that wrong: They decided to not support AES-256 for
> GCM. For CBC they support both 128/256.

In that case indeed many servers will choose CBC at 256 bits over
GCM at 128.  This is a browser configuration issue, and should be
addressed there.

> And yes, my initial mail was a bit confused (server chooses, not
> client), still the result is the same: For very common settings it
> happens that browsers choose cbc if gcm would be available (just
> point chrome to https://www.openssl.org to see it).

The browsers need to fix their settings, but there are many competing
factors here, and perhaps they have good reasons for the choices
they made.

-- 
	Viktor.
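
The selection behaviour discussed in this thread, as an added example that is not part of the original message: a server that ranks suites by key size picks AES-256-CBC over AES-128-GCM when the client offers no AES-256-GCM suite. The suite lists are constructed samples using OpenSSL-style names, and the two ranking functions are hypothetical stand-ins for a server's configured preference order.

```python
import re

# Constructed sample lists (OpenSSL-style names), not captured from a real client or server.
CLIENT_OFFER = [
    "ECDHE-RSA-AES128-GCM-SHA256",   # the only GCM suite offered: AES-128
    "ECDHE-RSA-AES256-SHA",          # CBC, 256-bit
    "ECDHE-RSA-AES128-SHA",          # CBC, 128-bit
    "AES256-SHA",
    "AES128-SHA",
]
SERVER_SUITES = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA",
    "AES256-SHA",
    "AES128-SHA",
]

def describe(suite):
    """Return (key_bits, is_gcm) parsed from an OpenSSL-style AES suite name."""
    m = re.search(r"AES(128|256)(-GCM)?", suite)
    if not m:
        raise ValueError(f"not an AES suite: {suite}")
    return int(m.group(1)), m.group(2) is not None

def by_key_size(suite):
    """Hypothetical ranking: larger key first, GCM only as a tie-break."""
    bits, gcm = describe(suite)
    return (-bits, not gcm)

def aead_first(suite):
    """Hypothetical ranking: GCM before CBC, then larger key."""
    bits, gcm = describe(suite)
    return (not gcm, -bits)

def negotiate(client_offer, server_suites, rank):
    """Server-preference selection: first shared suite in the server's ranked order."""
    offered = set(client_offer)
    return next((s for s in sorted(server_suites, key=rank) if s in offered), None)

def gcm_passed_over(client_offer, server_suites, chosen):
    """True when a CBC suite was chosen although both sides support a GCM suite."""
    offered = set(client_offer)
    shared_gcm = [s for s in server_suites if s in offered and describe(s)[1]]
    return chosen is not None and not describe(chosen)[1] and bool(shared_gcm)

if __name__ == "__main__":
    for rank in (by_key_size, aead_first):
        chosen = negotiate(CLIENT_OFFER, SERVER_SUITES, rank)
        print(rank.__name__, chosen, gcm_passed_over(CLIENT_OFFER, SERVER_SUITES, chosen))
```

`gcm_passed_over` is the check to run against a real handshake result when auditing a server's preference order.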

