[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites
Alessandro Ghedini via RT
rt at openssl.org
Thu Oct 8 08:53:26 UTC 2015
On Thu, Oct 08, 2015 at 12:47:21AM +0000, Moonchild via RT wrote:
> Hello people,
>
> An enhancement request here for OpenSSL to add support for Camellia in GCM
> with ECC key exchange.
>
> Rationale:
> Camellia has been recognized as a modern and supported cipher by ENISA,
> NESSIE, CRYPTREC, ISO and IETF among others so should be supported
> long-term. OpenSSL currently only supports the (rather expensive) DHE/RSA
> CBC+IV versions of the suite, and should be updated with the ECC and GCM
> modes of operation.
>
> It's important to have at least one cipher coming from non-US expert bodies
> that is maintained to the same level as AES currently is, and OpenSSL seems
> to be trailing behind in that respect. I would request addition of at least
> the following:
>
> TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086)
> TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a)
> And possibly their 256-bit counterparts
Patches for this are available at [0], however there has been some resistance
to adding the new TLS cipher suites to OpenSSL (see [1]), so the discussion has
stalled.
> These suites are already supported in e.g. GNUTLS, Botan and PolarSSL, iiuc.
> Firefox will also be adding the GCM versions of Camellia to NSS
Do you have a source for the news above? IIRC Firefox used to support Camellia,
but dropped it in v37 or so.
Cheers
[0] https://github.com/openssl/openssl/pull/374
[1] https://rt.openssl.org/Ticket/Display.html?id=4017
More information about the openssl-dev
mailing list