[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

Kurt Roeckx via RT rt at openssl.org
Thu Feb 4 17:10:45 UTC 2016


On Thu, Feb 04, 2016 at 10:10:06AM +0000, Moonchild via RT wrote:
> Really?
> 
> That's all we get, a one-liner, no explanation, no rationale, response?
> It's not even "brand new" functionality, Camellia as a raw cipher is already
> in there, the only difference is wrapping it into GCM-based suites. Patches
> are available, too.

I think the concerns are:
- Nobody else seems to be using Camellia
- We don't have a constant time implementation of it
- For processors that have AESNI, it's slower than AES
- Adding more ciphers to the default list will just increase the
  client hello and not change anything.

That being said, I don't think there should be a problem adding
the support.  I'm just not sure about enabling it by default.


Kurt



-------------------------------------------------------------------------
http://rt.openssl.org/Ticket/Display.html?id=4075

Please log in as guest with password guest if prompted



More information about the openssl-dev mailing list