[Ach] Cipher-Order: AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

Gunnar Haslinger gh.bettercrypto at hitco.at
Sun Nov 8 11:59:45 CET 2015

Am 08.11.2015 um 11:46 schrieb Adi Kriegisch:
>> the Result is:
>> $ openssl ciphers -v
>> '-ALL:ECDH+aRSA+AES:DH+aRSA+AES:aRSA+kRSA+AES:+AES256' | cut -f1 -d" "
>> DHE-RSA-AES128-SHA256
>> AES128-GCM-SHA256
>> AES128-SHA256
>> AES128-SHA
>> DHE-RSA-AES256-SHA256
>> AES256-GCM-SHA384
>> AES256-SHA256
>> AES256-SHA
> You do notice that you prefer non-ephemeral ciphers over ephemeral ones
> here, right? As the fallback cipher you only ever need AES256-SHA and
> nothing else to support legacy-old-really-old-legacy versions of openssl
> at the very end of the cipher string.

No, i don't like to prefer non-ephermeral Ciphers and I think this is
not configured - let me explain:
The choice which Cipher is picked is configured to be done by the Server.
It's not only the ordered list above which leads to the decision, it
also depends what the Client supports.

So as I already wrote: Only if a client disabled AES128 it will use the
stronger AES256 Suites.

Look at the List: A Client which offers AES128 Suites will get a Suite
from the Top-Half of the List. And as you see the non-ephemeral Ciphers
are at the End of the Top-Half. Only if a Client disabled AES128 Support
(maybe for the reason to only communicate AES256) the Lower-Half of the
List will be applied, and there the non-ephemeral Ciphers are at the End

More information about the Ach mailing list