[openssl-dev] [openssl.org #4075] Enhancement request: Camellia ECDHE+GCM suites

Nich Ramsey via RT rt at openssl.org
Thu Feb 4 17:36:35 UTC 2016


I'm new to implementing crypto, but this seems like a great learning
opportunity.

What's the best way for me to get ramped up through self-study? I'm
interested in the Camellia cipher, and contributing meaningful additions to
the OpenSSL library.

Moonchild: thank you for your detailed explanation of the Camellia cipher.
This seems like a worthwhile cause, since having many alternative, strong
cipher suites is of great benefit.

Kurt: I agree with you; until there are more people using Camellia, it
shouldn't be on by default. It would be nice to have the option to manually
enable it though, especially for people like Moonchild who have a special
need/affinity for the cipher.

Thanks to everyone for continued discussion on this topic.

Nich
On Feb 4, 2016 9:11 AM, "Kurt Roeckx via RT" <rt at openssl.org> wrote:

> On Thu, Feb 04, 2016 at 10:10:06AM +0000, Moonchild via RT wrote:
> > Really?
> >
> > That's all we get, a one-liner, no explanation, no rationale, response?
> > It's not even "brand new" functionality, Camellia as a raw cipher is already
> > in there, the only difference is wrapping it into GCM-based suites. Patches
> > are available, too.
>
> I think the concerns are:
> - Nobody else seems to be using Camellia
> - We don't have a constant time implementation of it
> - For processors that have AESNI, it's slower than AES
> - Adding more ciphers to the default list will just increase the
>   client hello and not change anything.
>
> That being said, I don't think there should be a problem adding
> the support.  I'm just not sure about enabling it by default.
>
>
> Kurt
>
>
>
> -------------------------------------------------------------------------
> http://rt.openssl.org/Ticket/Display.html?id=4075
>
> Please log in as guest with password guest if prompted
>

