On Tue, 16 Dec 2014 15:14:13 +0100 Hubert Kario <[email protected]> wrote:
> No, this is problem with OpenSSL cipher order - it prefers key size > over other factors - it should prefer AEAD and PFS ciphers before > ordering on key size, doubly so that in practice you can't get > anywhere near 256 bit level of security using TLS. Agreed, this is one of the things I think that should happen. I got a reply on the chromium list that this is already so in boringssl. Code is in ssl/ssl_ciph.c If there is consensus that this should be ported I would try to isolate the neccessary patches from boringssl and submit them. -- Hanno Böck http://hboeck.de/ mail/jabber: [email protected] GPG: BBB51E42
pgpOzx88GMmMN.pgp
Description: OpenPGP digital signature
_______________________________________________ openssl-dev mailing list [email protected] https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
