[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites
Moonchild via RT
rt at openssl.org
Thu Oct 8 10:12:51 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 08/10/2015 10:53, Alessandro Ghedini via RT wrote:
> Patches for this are available at [0], however there has been some
> resistance to adding the new TLS cipher suites to OpenSSL (see [1]), so
> the discussion has stalled.
That's really disappointing! I don't understand the resistance to this
addition. It's a cipher with no known attacks found over the past decade or
so...
>> These suites are already supported in e.g. GNUTLS, Botan and PolarSSL,
>> iiuc. Firefox will also be adding the GCM versions of Camellia to NSS
>
> Do you have a source for the news above? IIRC Firefox used to support
> Camellia, but dropped it in v37 or so.
Other libs supporting this:
GNUTLS: http://gnutls.org/manual/html_node/Supported-ciphersuites.html
Botan: http://botan.randombit.net/manual/tls.html#tls-policies
PolarSSL: https://tls.mbed.org/supported-ssl-ciphersuites
Addition to Firefox/NSS:
See recent discussion in
https://bugzilla.mozilla.org/show_bug.cgi?id=1211248
(which addresses the premature removal of Camellia CBC ciphers)
and recent activity on
https://bugzilla.mozilla.org/show_bug.cgi?id=940119
(the actual implementation bug, which had stalled for a while but seems to
want to get moving again. It has a reviewed patch.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
iF4EAREIAAYFAlYWQZkACgkQEguw022l8qzFBgD/d+FXvjUQA8CiqpA1ID1hm5em
DFTBvTWBq5h5TIITRQ0A/0szG+yjimez7doxczfqzCpa8pb67BgegSAkUpsF6z8a
=hAzy
-----END PGP SIGNATURE-----
More information about the openssl-dev
mailing list