On Thursday 04 February 2016 17:10:45 Kurt Roeckx via RT wrote:
> On Thu, Feb 04, 2016 at 10:10:06AM +0000, Moonchild via RT wrote:
> > Really?
> >
> > That's all we get, a one-liner, no explanation, no rationale,
> > response? It's not even "brand new" functionality, Camellia as a
> > raw cipher is already in there, the only difference is wrapping it
> > into GCM-based suites. Patches are available, too.
>
> I think the concerns are:
> - Nobody else seems to be using Camellia

over 40% of Alexa top 1 million TLS enabled servers enable Camellia

GnuTLS has implementation of Camellia-GCM for quite some time already

> - We don't have a constant time implementation of it

I don't see it mentioned anywhere in documentation, especially not in
ciphers(1) man page. So, is it not so severe, or should the Camellia be
removed from DEFAULT?

> - For processors that have AESNI, it's slower than AES

Irrelevant, nobody proposes to replace AES with Camellia

> - Adding more ciphers to the default list will just increase the
>   client hello and not change anything.
>
> That being said, I don't think there should be a problem adding
> the support. I'm just not sure about enabling it by default.

I don't think anyone argues that it needs to be added to DEFAULT.

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4075
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev