[openssl-dev] Enabling AES-192 ciphers, how to expose DHE-RSA-AES192-GCM-SHA384
Salz, Rich
rsalz at akamai.com
Mon Jan 9 19:52:35 UTC 2017
> Has anyone ever attempted to get such ciphers included in that IANA list? It
> seems AES-192 is being treated rather stepmotherly in the standards.
AES 192 has been discussed at various times in the IETF mailing lists (see CFRG and TLS for most likely places). Here's one posting:
https://www.ietf.org/mail-archive/web/cfrg/current/msg04820.html
My short summary is that if 128 isn't good enough for you, use 256. 192 is a midpoint that only makes things more complicated by adding more options (and potentially increases the size of the clienthello message, which has had deployment problems with some platforms).
More information about the openssl-dev
mailing list