[Ach] Adding more cipher suites

Adi Kriegisch adi at kriegisch.at
Thu Nov 14 10:12:43 CET 2013


> I fully agree with the fact that AES128 and AES192 should be added.
> Firstly because none of them are currently broken or close to being broken.
No objection here (except for the fact that I am unable to find AES192 in
the IANA list of specified ciphers for SSL/TLS; hopefully you can help me
out here?!).

> Secondly because some programming languages are painful if you want to
> use AES with key length > 128 (Java). Java is still widely used and I
> hope that some developers will read this document and enhance the way
> to use crypto :-D.
But please do not expect this to be solved that way: Java is still only
able to deal with DH params <= 1024 bit. Regarding current clients, enabling
AES* and/or CAMELLIA* does not give us more clients able to connect. I
consider the dhparam limit (and the default in most/all software) one of
those hidden weakenings of crypto standards, and I do not see a point in
lowering the dhparam proposal to less than the recommended RSA key size.

If Java is a concern it is probably better to add a non-ephemeral AES128
with CBC and SHA-1 and live with not having forward secrecy. Just like we
have AES256-SHA as a fallback for old (server) implementations that do not
support anything else (lighttpd on Debian/Squeeze is an example of that),
we could add AES128-SHA to the end of that list to support Java[67].

-- Adi 
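An added example, not part of this thread or of any project the list discusses, that checks the ordering argued for above: it parses `openssl ciphers -v` style output and flags any forward-secret suite listed after a non-ephemeral fallback such as AES256-SHA or AES128-SHA. The sample lines are constructed by hand and the function names are my own.

```python
import re

# Constructed sample in the layout of `openssl ciphers -v` output; the lines
# are assembled by hand for this example, not captured from a real system.
SAMPLE_CIPHERS_V = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256)   Mac=AEAD
DHE-RSA-AES256-GCM-SHA384   TLSv1.2 Kx=DH   Au=RSA Enc=AESGCM(256)   Mac=AEAD
ECDHE-RSA-AES128-SHA        SSLv3   Kx=ECDH Au=RSA Enc=AES(128)      Mac=SHA1
DHE-RSA-CAMELLIA256-SHA     SSLv3   Kx=DH   Au=RSA Enc=Camellia(256) Mac=SHA1
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)      Mac=SHA1
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)      Mac=SHA1
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")


def parse_ciphers_v(text):
    """Parse `openssl ciphers -v` style lines into (name, kx, enc, mac) tuples."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            suites.append((m.group(1), m.group(3), m.group(5), m.group(6)))
    return suites


def is_forward_secret(kx):
    # OpenSSL prints the ephemeral exchanges as exactly "ECDH" or "DH";
    # static ECDH shows up as e.g. "ECDH/RSA" and static RSA as "RSA".
    return kx in ("ECDH", "DH")


def ordering_violations(suites):
    """Names of forward-secret suites that sit after a non-PFS fallback.

    Policy from the thread: non-ephemeral fallbacks belong at the very end,
    so they are only negotiated by clients that support nothing better."""
    seen_fallback = False
    bad = []
    for name, kx, _enc, _mac in suites:
        if not is_forward_secret(kx):
            seen_fallback = True
        elif seen_fallback:
            bad.append(name)
    return bad


def fallback_tail(suites):
    """The trailing run of non-forward-secret suites, in list order."""
    tail = []
    for name, kx, _enc, _mac in reversed(suites):
        if is_forward_secret(kx):
            break
        tail.append(name)
    return tail[::-1]
```

To check a real configuration, feed the output of `openssl ciphers -v 'YOUR-CIPHER-STRING'` to `parse_ciphers_v` instead of the constructed sample.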