On Tue, 16 Dec 2014 03:09:53 +0000 Viktor Dukhovni <[email protected]> wrote:
> On Tue, Dec 16, 2014 at 02:18:40AM +0100, Hanno B?ck wrote: > > > Firefox and Chrome support authenticated encryption via TLS 1.2 and > > GCM these days. However they have for some reason decided not to > > support AES-256 but only AES-128. > > In which case, they will never use AES-256, and yet: No, you understood that wrong: They decided to not support AES-256 for CGM. For CBC they support both 128/256. > This is a cipherstring with great redundancy and a typo. What you > meant was: The cipher string doesn't really matter, it happens with every setting where you enable AES CBC/GCM ciphers in both 128/256 bit setting. And yes, my initial mail was a bit confused (server chooses, not client), still the result is the same: For very common settings it happens that browsers choose cbc if gcm would be available (just point chrome to https://www.openssl.org to see it). -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42
pgps7WZymtGQM.pgp
Description: OpenPGP digital signature
_______________________________________________ openssl-dev mailing list [email protected] https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
