Stitched vs non-Stitched Ciphersuites

Matt Caswell matt at
Wed Feb 27 16:42:37 UTC 2019

On 27/02/2019 16:33, Sam Roberts wrote:
> On Tue, Feb 26, 2019 at 8:42 AM Matt Caswell <matt at> wrote:
>>> What about AEAD ciphers? Are they considered "stitched"?
>> No, they are not "stitched" but they are not impacted by this issue. We should
>> probably make that clearer in the advisory.
> That would be helpful!

It has been updated:

> Even though this is fixed, would the general advice still be "avoid
> CBC in favour of AESCCM and AESGCM when using TLS1.2"? Or update to
> TLS1.3.

IMO, and in order:
- TLSv1.3 is preferable to TLSv1.2
- in TLSv1.2 forward secret ciphersuites are preferable to non-forward secret ones
- in TLSv1.2 using an AEAD based ciphersuite is preferable to a CBC one

Probably there is a whole bunch of other stuff that should be added to that list
- but I'm sure others will chip in with their advice :-)


More information about the openssl-users mailing list