[Ach] Adding more cipher suites
Adi Kriegisch
adi at kriegisch.at
Thu Nov 14 10:12:43 CET 2013
Hi!
> I fully agree with the fact the AES128 and AES192 should be added.
> Firstly because none of them are currently broken or close to be broken.
No objection here. (except for the fact that I am unable to find AES192 in
the iana list of specified ciphers for SSL/TLS -- hopefully you can help me
out here?!)
> Secondly because some programming languages are painfull if you want to
> use AES with keylenght > 128 (Java). Java is still widely use and I
> hope that some developpers will read this document and enhance the way
> to use crypto :-D.
But please do not expect this to be solved that way: Java is still only
able to deal with DH params <=1024bit. Regarding current clients, enabling
AES* and/or CAMELLIA* does not give us more clients able to connect, I
guess.
I consider the dhparam limit (and the default in most/all software) one of
those hidden weakenings of crypto standards and I do not see a point in
lowering the dhparam proposal to less than the recommended RSA key size.
If Java is a concern it is probably better to add a non ephemeral AES128
with CBC and SHA-1 and live with not having forward secrecy. Just like we
have AES256-SHA as a fallback for old (server) implementations that do not
support anything else (lighttpd on Debian/Squeeze is an example for that),
so we could add AES128-SHA to the end of that list to support Java[67].
-- Adi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20131114/9abf8a80/attachment.sig>
More information about the Ach
mailing list