[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Thu Feb 4 17:20:11 UTC 2016


On 2/4/16, 12:10 , "openssl-dev on behalf of Kurt Roeckx via RT"
<openssl-dev-bounces at openssl.org on behalf of rt at openssl.org> wrote:

>On Thu, Feb 04, 2016 at 10:10:06AM +0000, Moonchild via RT wrote:
>> Really?
>> 
>> That's all we get, a one-liner, no explanation, no rationale, response?
>> It's not even "brand new" functionality, Camellia as a raw cipher is
>>already
>> in there, the only difference is wrapping it into GCM-based suites.
>>Patches
>> are available, too.
>
>I think the concerns are:
>- Nobody else seems to be using Camellia

I thought it’s used pretty widely in Asia.

>- We don't have a constant time implementation of it

Something to write in the documentation - not everybody needs to worry
about this (contrary to what some academia publications seemed to imply).

>- For processors that have AESNI, it's slower than AES

So…? 

People who want to use it, most likely do it for reasons other than speed.

>- Adding more ciphers to the default list will just increase the
>  client hello and not change anything.

???

>That being said, I don't think there should be a problem adding
>the support.  I'm just not sure about enabling it by default.

Enabling by default probably is unnecessary, IMHO.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4308 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160204/ec79f4cb/attachment.bin>


More information about the openssl-dev mailing list