[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnutls-dev] 256 bit ciphers

From: Nikos Mavrogiannopoulos
Subject: Re: [gnutls-dev] 256 bit ciphers
Date: Mon, 15 Oct 2007 00:24:32 +0300
User-agent: KMail/1.9.6 (enterprise 0.20070907.709405)

On Saturday 13 October 2007, Simon Josefsson wrote:
> Nikos Mavrogiannopoulos <address@hidden> writes:
> > Hello,
> >  I think the 256 ciphers offer no more in security than their 128 bit
> > equivalents and they are in general slower. Thus I think it would be a
> > good idea to remove them from the default priority lists. Are there any
> > objections or good reason to keep them?
> The gnutls_set_default_export_priority function is the same both for
> clients and servers, and while it may make sense to only use 128 bits by
> default in clients, not supporting 256 bits in servers seems
> problematic.  What if a client supports AES-256 and ARCFOUR-128 connects
> to a GnuTLS server with default settings?  Then they would end up with
> ARCFOUR-128 which seems bad.
> There should probably had been two "default" functions, one for clients
> and one for servers, since the defaults may be different.  It may be too
> late to change that.

Indeed. Yes maybe it is a good idea for the default ciphers to contain all the 
strong supported ciphers.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]