[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites
Kurt Roeckx via RT
rt at openssl.org
Thu Feb 4 17:10:45 UTC 2016
On Thu, Feb 04, 2016 at 10:10:06AM +0000, Moonchild via RT wrote:
> Really?
>
> That's all we get, a one-liner, no explanation, no rationale, response?
> It's not even "brand new" functionality, Camellia as a raw cipher is already
> in there, the only difference is wrapping it into GCM-based suites. Patches
> are available, too.
I think the concerns are:
- Nobody else seems to be using Camellia
- We don't have a constant time implementation of it
- For processors that have AESNI, it's slower than AES
- Adding more ciphers to the default list will just increase the
client hello and not change anything.
That being said, I don't think there should be a problem adding
the support. I'm just not sure about enabling it by default.
Kurt
-------------------------------------------------------------------------
http://rt.openssl.org/Ticket/Display.html?id=4075
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list