help-gnutls

Re: [Help-gnutls] Default cipher priority in `gnutls-cli'?


From: Nikos Mavroyanopoulos
Subject: Re: [Help-gnutls] Default cipher priority in `gnutls-cli'?
Date: Mon, 31 May 2004 23:13:32 +0300
User-agent: KMail/1.6.1

On Monday 31 May 2004 21:53, Simon Josefsson wrote:

> I just installed GNUTLS support for STARTTLS in Emacs, via gnutls-cli.
> When doing so, and personally moving away from the OpenSSL based
> 'starttls' tool to gnutls-cli, I noticed gnutls-cli defaults to RC4:
> starttls: TLSv1 with cipher RC4-SHA (128/128 bits new) no authentication
> Whereas OpenSSL's default was AES-256.
> Looking at the code, the current default priority list appears to be:
>
> RC4-128, AES-128, 3DES, AES-256, RC4-40
> Is there some motivation for that priority order?
> IMHO, I find a list like the following would be easier to motivate:
> AES-256, AES-128, 3DES, RC4-128, RC4-40
> Where the motivation would be: first use strongest standardized cipher
> (AES-256/128), followed by strongest historical cipher (3DES),
> followed by interop ciphers.

As far as I remember, speed was the motivation, but you are right, the cipher
strength should be the sorting key. I'll update the client soon.

> Thanks.

-- 
Nikos Mavroyanopoulos



