[Ach] Cipher-Order: AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

Aaron Zauner azet at azet.org
Tue Nov 3 23:11:48 CET 2015

* Gunnar Haslinger <gh.bettercrypto at hitco.at> [03/11/2015 23:09:16] wrote:
> Am 03.11.2015 um 22:38 schrieb Aaron Zauner:
> > I recommend double-checking a cipherstring recommendation against
> > *all* 0.9.8 and 1.0.1 branches.
> OK ... thats harder than I expected.
> But than it seems to be unsolvable for me to get a predictable situation
> by recommending a fixed "Cipher Suite B" String.
> Maybe the recommendation should not be a fixed CipherString but a
> OpenSSL/Distri-specific String?
> Or maybe it's possible to write a Script which checks out what OpenSSL
> offers on this specific platform and "brute-force-tests" with the very
> common configuration-Options what fits best against to be defined
> "BetterCrypto-Rules"?

I do agree there. And we've had the idea for quite a while now.
Ideally we'd have a web form where you fill out your daemon, it's
version, your operating system, the distribution and version and a
bit of JavaScript magic does the rest. Nobody found time for that so
far. Even better would be rendering the document specific to a
certain distribution / OpenSSL version. But that's kinda getting out
of hand.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20151103/9a8afff6/attachment.sig>

More information about the Ach mailing list