[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites
Moonchild via RT
rt at openssl.org
Thu Oct 8 00:47:21 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello people,
An enhancement request here for OpenSSL to add support for Camellia in GCM
with ECC key exchange.
Rationale:
Camellia has been recognized as a modern and supported cipher by ENISA,
NESSIE, CRYPTREC, ISO and IETF among others so should be supported
long-term. OpenSSL currently only supports the (rather expensive) DHE/RSA
CBC+IV versions of the suite, and should be updated with the ECC and GCM
modes of operation.
It's important to have at least one cipher coming from non-US expert bodies
that is maintained to the same level as AES currently is, and OpenSSL seems
to be trailing behind in that respect. I would request addition of at least
the following:
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086)
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a)
And possibly their 256-bit counterparts
These suites are already supported in e.g. GNUTLS, Botan and PolarSSL, iiuc.
Firefox will also be adding the GCM versions of Camellia to NSS, and my own
browser (Pale Moon) also has it slated for the next milestone. Considering
the large use of OpenSSL to build other software on, including big names,
e.g. nginx, it's of great importance to add these suites.
Thanks for your consideration,
Moonchild (AKA Mark)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
iF4EAREIAAYFAlYVsD8ACgkQEguw022l8qzGgAD+K6r2gxYYQRjrfAqz+JX1ClG9
1wsCrrMe1GZlnQLjAS0BAJmLVXej56Xpd8qNK4+tMucquUIjip8TNxTKyQu/MOeB
=wzz5
-----END PGP SIGNATURE-----
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list