On Sat, 22 Aug 2015 10:21:42 +0000 Alessandro Ghedini via RT <r...@openssl.org> wrote:
> Which adds support for Camellia GCM and adds the correspondent TLS
> cipher suites. Most of the code comes from the AES GCM
> implementation, so maybe there's an opportunity for some refactoring
> there.

May I ask one question: Why?

From what I observed others are moving away from Camellia [1]. So why should OpenSSL add more Camellia support? From what I'm aware Camellia is a block cipher like AES, and there is no serious problem with AES. Does Camellia offer any significant advantage in any situation that would justify increasing support?

I think a large problem of TLS in general and OpenSSL in particular is feature bloat. In the past features got added not because there was a clear need for them, but "because we can". After all the whole Heartbleed story can largely be explained by that.

I'd propose that OpenSSL doesn't add any new features without a clear explanation what advantage they bring in which situation - and who is likely going to use that feature.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1036765

--
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev