[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes
Hubert Kario
hkario at redhat.com
Tue Dec 16 14:42:43 UTC 2014
On Tuesday 16 December 2014 15:38:01 Hanno Böck wrote:
> On Tue, 16 Dec 2014 15:14:13 +0100
>
> Hubert Kario <hkario at redhat.com> wrote:
> > No, this is problem with OpenSSL cipher order - it prefers key size
> > over other factors - it should prefer AEAD and PFS ciphers before
> > ordering on key size, doubly so that in practice you can't get
> > anywhere near 256 bit level of security using TLS.
>
> Agreed, this is one of the things I think that should happen.
>
> I got a reply on the chromium list that this is already so in
> boringssl. Code is in ssl/ssl_ciph.c
>
> If there is consensus that this should be ported I would try to isolate
> the neccessary patches from boringssl and submit them.
Last time we have discussed it[1], the only voices against were about removal
of RC4 ciphers from default
What is the exact ordering of ALL:COMPLEMENTOFALL in boringssl?
1 - http://openssl.6102.n7.nabble.com/Insecure-DEFAULT-cipher-set-td48995.html
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
More information about the openssl-dev
mailing list