[openssl-dev] Circumstances cause CBC often to be preferred over GCM modes
Hubert Kario
hkario at redhat.com
Tue Dec 16 16:11:34 UTC 2014
On Tuesday 16 December 2014 16:18:09 Hanno Böck wrote:
> On Tue, 16 Dec 2014 15:42:43 +0100
>
> Hubert Kario <hkario at redhat.com> wrote:
> > Last time we have discussed it[1], the only voices against were about
> > removal of RC4 ciphers from default
>
> The boringssl patch was quite invasive, so I gave up to try to port
> their changes.
>
> But in essence it's quite trivial, just re-order stuff a bit. See
> attached patch.
>
>
> Output after my patch of ALL:COMPLEMENTOFALL:
<snip>
> To compare, output of plain openssl:
<snip>
they don't differ...
but comparing that to what Fedora version of openssl outputs, then new order
certainly makes things a bit better.
there are few issues still
- aRSA preferred before aECDSA
- AES256 before AES128 in general
- few export grade ciphers placed before secure ciphers
- 3DES is placed arbitrarily
I'd prefer not only change the order, but also say what was the intent and
what is the preferred ordering (which keys are used for ordering), so that
when new ciphers come, it will be more or less obvious where they should be
placed
--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
More information about the openssl-dev
mailing list