On Tue, Nov 19, 2013 at 9:14 AM, Kurt Roeckx <k...@roeckx.be> wrote: > On Mon, Nov 18, 2013 at 06:47:08PM -0800, Wan-Teh Chang wrote: >> On Mon, Nov 18, 2013 at 4:57 PM, Brian Smith <br...@briansmith.org> wrote: >> > >> > Also, AES implementations are highly optimized, well-audited, >> > well-tested, and are more likely to be side-channel free. Camellia >> > doesn't get used very often. Yet, some websites (most famously, >> > Yahoo!), prefer Camellia over AES, even when we offer AES at higher >> > priority in the handshake. >> >> There must be a misunderstanding. NSS offers Camellia at higher >> priority than AES in the ClientHello.
I think you might be right. I remember testing the new cipher suite order and I was still seeing Camellia being used on https://login.yahoo.com. But, I tried it again now and it is using AES with the new cipher suite order. It is very possible that my original testing of this was off; perhaps due to the HTTP cache or user error. Cheers, Brian -- Mozilla Networking/Crypto/Security (Necko/NSS/PSM) -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto