[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox

Kurt Roeckx kurt at roeckx.be
Thu Jan 2 21:51:34 CET 2014

On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
> > I *think* they want to prefer CAMELLIA to AES, judging by the published ciphersuite.
> > But the construction must be wrong because it returns AES first. If the intent is to
> > prefer Camellia, then I am most interesting in the rationale.
> Thanks for reporting this!
> Yes. The intent was to prefer Camellia where possible. First off we wanted to have more diversity. Second not everybody
> is running a sandybridge (or newer) processor. Camellia has better performance for non-intel processors with about the
> same security.

I know that for AES people having been putting an effort in making
this constant time.  Having AES-NI clearly helps with this.  I
can't say the same for Camellia and so think it doesn't make sense
to prefer it over AES.

NSS/Firefox currently still has Camellia as first non-ECDHE and
as result does use it for sites supporting it.  But as far as I
know it's the only browser supporting it, and the next version is
going to prefer AES over Camellia all the time which resulted in
it's usage going from about 5% to as good as 0%.

There has also been talk about either disbaling it by default
or even dropping support for it but that currently didn't happen


More information about the Ach mailing list