On 29 September 2016 at 02:02, Stephen Checkoway <[email protected]> wrote: > * The only time to take the client's preference into account is if the server > really has no opinion on an option--e.g., two equivalent-strength cipher > suites--but the client can specify a preference for an option that requires > less computation/power for it. But I'm not entirely convinced that's worth > the implementation cost.
I generally agree, though we just added one small exception to NSS, and have been discussing another for a while now: Respecting client preference for ChaCha over GCM makes a real difference for clients that don't have AES-NI. _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
