help-gnutls

[Help-gnutls] Re: Default cipher priority in `gnutls-cli'?


From: Simon Josefsson
Subject: [Help-gnutls] Re: Default cipher priority in `gnutls-cli'?
Date: Tue, 01 Jun 2004 08:38:47 +0200
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)

Nikos Mavroyanopoulos <address@hidden> writes:

> On Monday 31 May 2004 21:53, Simon Josefsson wrote:
>
>> I just installed GNUTLS support for STARTTLS in Emacs, via gnutls-cli.
>> When doing so, and personally moving away from the OpenSSL based
>> 'starttls' tool to gnutls-cli, I noticed gnutls-cli defaults to RC4:
>>
>> starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
>>
>> Whereas OpenSSL's default was AES-256.
>>
>> Looking at the code, the current default priority list appears to be:
>>
>> RC4-128, AES-128, 3DES, AES-256, RC4-40
>>
>> Is there some motivation for that priority order?
>>
>> IMHO, I find a list like the following would be easier to motivate:
>>
>> AES-256, AES-128, 3DES, RC4-128, RC4-40
>>
>> Where the motivation would be: first use strongest standardized cipher
>> (AES-256/128), followed by strongest historical cipher (3DES),
>> followed by interop ciphers.
>
> As far as I remember speed was the motivation,

Ah, then the list makes more sense to me.

> but you are right, the cipher strength should be the sorting
> key. I'll update the client soon.

Thanks,
Simon
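
An added example, not part of the original messages and not GnuTLS code: it sorts the default list quoted in the thread by the proposed key (standardized, then historical, then interop, larger keys first) and shows what each ordering negotiates. All names, the tier labels as a data type, the server cipher set, and the peer policy of honouring the client's order are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tiers named in the thread: standardized (AES), historical (3DES), interop (RC4). */
enum tier { STANDARDIZED, HISTORICAL, INTEROP };
struct cipher { const char *name; enum tier tier; int key_bits; };

/* Default order quoted in the thread (chosen for speed). 3DES bits are nominal. */
static const struct cipher speed_order[] = {
    {"RC4-128", INTEROP, 128}, {"AES-128", STANDARDIZED, 128},
    {"3DES", HISTORICAL, 168}, {"AES-256", STANDARDIZED, 256},
    {"RC4-40", INTEROP, 40},
};
#define N_CIPHERS (sizeof speed_order / sizeof speed_order[0])

/* Sort key: tier first, then the larger key first within a tier. */
static int by_strength(const void *a, const void *b) {
    const struct cipher *x = a, *y = b;
    if (x->tier != y->tier)
        return (int)x->tier - (int)y->tier;
    return y->key_bits - x->key_bits;
}

/* Fill out[N_CIPHERS] with the same ciphers, strongest first. */
static void strength_order(struct cipher *out) {
    memcpy(out, speed_order, sizeof speed_order);
    qsort(out, N_CIPHERS, sizeof *out, by_strength);
}

/* Assumed peer policy: take the first client preference the server supports.
   Returns NULL when there is no cipher in common. */
static const char *negotiate(const struct cipher *prefs, size_t n,
                             const char *const *server, size_t ns) {
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < ns; j++)
            if (strcmp(prefs[i].name, server[j]) == 0)
                return prefs[i].name;
    return NULL;
}

int main(void) {
    const char *const server[] = {"RC4-128", "3DES", "AES-256"}; /* constructed */
    struct cipher strong[N_CIPHERS];
    strength_order(strong);
    printf("speed order:    %s\n", negotiate(speed_order, N_CIPHERS, server, 3));
    printf("strength order: %s\n", negotiate(strong, N_CIPHERS, server, 3));
    return 0;
}
```

RC4-40 stays last in both orderings, so it is only reached when the peer offers nothing else in common.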
