Hi Manu,
>> I care primarily about vanilla OpenSSL, and in don't get a sense that there >> is an >> interest to implement this for TLSv1.2. > > It make sense with AEAD ciphers like AES-GCM and CHACHA20-POLY1305. and it’s > compatible with TLSv1.2. What I was trying to say above is: my impression is that OpenSSL is unlikely to implement equal-preference groups for TLSv1.2, although it would be needed. > I don’t like to change the default behavior if it can impact the security. > I think no-prefer-server-ciphers or simply prefer-client-ciphers would be a > better choice. Ok, I will respin this in that direction in the next few days. Thanks for the feedback. Lukas
