> Aside: this message was pretty garbled, and in richtext which my Outlook
> won't fix sensibly. I've tried to manually reformat what I can, but it
> would be easier if you posted plaintext.
Really sorry for that, I saw it only once the message was already posted. Thanks for taking the time anyway.

> Do you mean "no" or "yes"? If you do use client-auth and RSA, then the
> handshake is slower (costlier). But my ">only< affects handshake" was
> agreeing that your problem probably *isn't* handshake.

I meant: yes, I'm using client-auth.

> Not really at least for 3DES. Nobody is going to bruteforce any >=112 bit
> cipher in my lifetime or yours. Not even NSA, everybody's bete du jour (if
> not de l'annee, or whatever the correct spelling is). RC4 is the most
> endangered technically; it does have distinguishers (which don't matter for
> SSL/TLS which usually exposes the algorithm choice already, and in any case
> has relatively few choices available) and there has been progress against
> it when used for massively repeated data which your described application
> of file transfer wouldn't have. If the adversary can break the key-exchange,
> or actively the authentication, or the RNG, those are just as effective
> against AES256 as against old single DES.

Very interesting indeed. I am seriously considering using 3DES but, using a third-party library (Qt), I have for the moment been unable to force usage of a given cipher suite (unlike with the openssl tool).

> I don't know anything about that specific hardware, maybe someone else
> does. In general, if it's just an accelerator and architecture specific,
> like AES-NI on Intel, it may be enough to do assembler that is
> conditionally invoked when available and maybe enabled. Otherwise yes the
> 'engine' architecture in OpenSSL is the way to use hardware or
> encapsulated crypto primitives.

OK; I'm afraid this wouldn't be the only work I would have to do, I would probably also need a dedicated kernel patch or KLM for managing the low-level access to the crypto-accelerator's registers. Need to check if ST provides it already.
> > If you have 1.0.1 at both ends, or otherwise have TLSv1.2 at both ends,
> > you could try the GCM ciphersuites, which combine encryption with MAC
> > into one operation.

Actually I double-checked and the cipher suite used by default is ECDHE-RSA-AES256-GCM-SHA384. So I actually use GCM already, if I understand correctly.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
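The thread turns on two things the poster could not do through Qt: see which suites a cipher string really selects, and force a single suite. The following is an added example, not code from the thread, from Qt or from OpenSSL itself. It uses Python's ssl module, which wraps OpenSSL, so the cipher-string syntax (suite names such as ECDHE-RSA-AES256-GCM-SHA384, selectors such as "ECDHE+AESGCM") is OpenSSL's own; what a given string expands to depends on the OpenSSL version and security level the interpreter is linked against, which is exactly why checking is worthwhile.

```python
# Added example, not code from the original thread: inspect and pin
# OpenSSL cipher suites through Python's ssl module (which wraps OpenSSL).
# Suite names and the "ECDHE+AESGCM" selector are OpenSSL cipher-string
# syntax; which names a build accepts depends on its OpenSSL version and
# security level.
import ssl


def offered_suites(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-older suite
    names a context would offer, in preference order.

    TLS 1.3 suites are configured separately in OpenSSL and are not affected
    by set_ciphers(), so they are filtered out here. A cipher string that
    selects nothing (unknown name, or every match disabled at the build's
    security level) makes OpenSSL reject the list; report that as [].
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def pinned_context(suite, server_side=False):
    """Build a context that offers exactly one TLS 1.2 suite.

    Raises ValueError when the pin cannot be honoured: the name is unknown,
    it is disabled at this OpenSSL security level, or the string is a
    selector (like "ECDHE+AESGCM") that expands to several suites.
    """
    protocol = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(protocol)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # GCM suites need TLS 1.2 anyway
    try:
        ctx.set_ciphers(suite)
    except ssl.SSLError as exc:
        raise ValueError(f"{suite}: {exc}") from None
    got = [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    if got != [suite]:
        raise ValueError(f"{suite!r} expanded to {got}, not a single suite")
    return ctx


def can_pin(suite):
    """True when pinned_context() accepts `suite` as a single-suite pin."""
    try:
        pinned_context(suite)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print("default list:", offered_suites("DEFAULT"))
    print("pinned      :", offered_suites("ECDHE-RSA-AES256-GCM-SHA384"))
    print("selector    :", offered_suites("ECDHE+AESGCM"))
    # Whether this build still offers 3DES at all depends on the OpenSSL
    # version and its security level; this only reports what it says.
    print("3DES        :", offered_suites("DES-CBC3-SHA"))
    ctx = pinned_context("ECDHE-RSA-AES256-GCM-SHA384", server_side=True)
    print("server pin  :", [c["name"] for c in ctx.get_ciphers()])
```

On a live connection the negotiated suite is reported by `SSLSocket.cipher()`, which is the same information the poster read off the default Qt connection. Pinning only one side is enough to force the suite, so a server built this way would constrain a Qt client that cannot set its own list; whether 3DES is even selectable is left to the local OpenSSL build rather than assumed.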