Stitched vs non-Stitched Ciphersuites
Sam Roberts
vieuxtech at gmail.com
Wed Feb 27 16:33:22 UTC 2019
On Tue, Feb 26, 2019 at 8:42 AM Matt Caswell <matt at openssl.org> wrote:
> > What about AEAD ciphers? Are they considered "stitched"?
>
> No, they are not "stitched" but they are not impacted by this issue. We should
> probably make that clearer in the advisory.
That would be helpful!
Even though this is fixed, would the general advice still be "avoid
CBC in favour of AESCCM and AESGCM when using TLS1.2"? Or update to
TLS1.3.
More information about the openssl-users
mailing list