The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
--- Begin Message ---
Here are the ciphersuite preference parameters being used in
ustream-ssl with openssl/wolfssl (and with mbedtls, minus the
chacha-poly cipher):
- key exchange: prefer ECDHE, then DHE(client only), then RSA
- prefer AEAD ciphers:
chacha20-poly1305, the fastest in software, 256-bits
aes128-gcm, 128-bits
aes256-gcm, 256-bits
- CBC ciphers
aes128, aes256, 3DES(client only)
Now that mbedtls added support to chacha-poly, we can finally make them
all the same. As for the speed comparison between the AEAD ciphers,
here are the numbers using openssl 1.1.0 on Asus RT-N56U (mips74kc).
((openssl speed -evp chacha20-poly1305 | egrep "^(type|chacha)") && (openssl
speed -evp aes-128-gcm && openssl speed -evp aes-256-gcm) | egrep "^aes")
2>/dev/null
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384
bytes
chacha20-poly1305 6873.30k 10734.22k 12217.75k 12613.07k 12769.39k
12665.00k
aes-128-gcm 3759.88k 4280.96k 4415.66k 4437.79k 4456.12k
4436.88k
aes-256-gcm 3408.83k 3738.10k 3838.52k 3841.90k 3864.31k
3882.17k
chach20-poly1305 is almost 3 times faster than AES128, with twice the
strength.
Eneas U de Queiroz (1):
ustream-ssl: mbedtls: use chacha-poly ciphersuites
ustream-mbedtls.c | 5 +++++
1 file changed, 5 insertions(+)
--
2.16.4
--- End Message ---
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
