[openssl-dev] cipher order

Jeffrey Walton noloader at gmail.com
Fri Mar 4 22:24:00 UTC 2016


> Browsers have largely decided to implement GCM-modes only with AES128.
> Chrome is now about to change that. Not sure if other browsers will
> follow.
>
> Right now if you configure a server with openssl's cipher suite
> ordering it is likely that a connection will happen with AES256 in CBC
> mode instead of the (most likely more secure) AES128 in GCM mode.

The standard does not specify whether the client selects the cipher or
the server selects the cipher. OpenSSL servers yield to the client's
preference. That is, the server attempts to match the client's first
preference, then the second preference, and so on.

If you control the server's configuration, then order them how you see
fit. Then use the SSL_OP_CIPHER_SERVER_PREFERENCE context option to ensure
the server's preferences for ciphers are used.

Jeff
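
The selection behaviour discussed in this message, as an added example that is not part of the original post and is not OpenSSL source code. The helper `select_suite` and all four suite lists are constructed for illustration; only the suite names and the `SSL_OP_CIPHER_SERVER_PREFERENCE` option are real.

```c
#include <stdio.h>
#include <string.h>

#define N(a) (sizeof(a) / sizeof((a)[0]))

static int in_list(const char *name, const char *const *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(name, list[i]) == 0)
            return 1;
    return 0;
}

/* Simplified model of the server's choice (hypothetical helper, not OpenSSL
 * source). server_pref == 0: walk the client's list in order, the default.
 * server_pref != 0: walk the server's list, as after
 * SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE). */
const char *select_suite(const char *const *client, size_t nc,
                         const char *const *server, size_t ns, int server_pref)
{
    const char *const *walk = server_pref ? server : client;
    const char *const *other = server_pref ? client : server;
    size_t nw = server_pref ? ns : nc, no = server_pref ? nc : ns;

    for (size_t i = 0; i < nw; i++)
        if (in_list(walk[i], other, no))
            return walk[i];
    return NULL; /* no shared suite: the handshake would fail */
}

/* Constructed sample lists, written with OpenSSL suite names. */
const char *const CLIENT[] = {           /* offers GCM only with AES128 */
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-SHA" };
const char *const CLIENT_CBC_FIRST[] = { /* ranks AES256-CBC above GCM */
    "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256" };
const char *const SRV_256_FIRST[] = {    /* 256-bit suites ranked first */
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA" };
const char *const SRV_GCM_FIRST[] = {    /* operator's order: GCM first */
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-SHA", "ECDHE-RSA-AES128-SHA" };

int main(void)
{
    printf("client order, CBC-first client:  %s\n", select_suite(CLIENT_CBC_FIRST, N(CLIENT_CBC_FIRST), SRV_GCM_FIRST, N(SRV_GCM_FIRST), 0));
    printf("server order, 256-first server:  %s\n", select_suite(CLIENT, N(CLIENT), SRV_256_FIRST, N(SRV_256_FIRST), 1));
    printf("server order, GCM-first server:  %s\n", select_suite(CLIENT, N(CLIENT), SRV_GCM_FIRST, N(SRV_GCM_FIRST), 1));
    return 0;
}
```

Enabling server preference only helps once the server's list is ordered deliberately: the second line of output lands on AES256 in CBC mode even though both sides support AES128-GCM.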

