<div dir="ltr">Another thing to note is that there are not preferences specified for MACs (SHA static for old OpenSSL versions). <div>But I think this is acceptable since nothing better was supported in those versions/TLS back then anyway. Correct me if I'm wrong.<div>
<br></div><div><br></div><div>Aaron</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 13, 2014 at 12:22 AM, Aaron Zauner <span dir="ltr"><<a href="mailto:azet@azet.org" target="_blank">azet@azet.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Argh. I forgot about ECDHE based ciphersuites and the ordering of<br>
CAMELLIA vs. AES and their respective bit-lenghts.<br>
<br>
```<br>
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA<br>
```<br>
<br>
This is an insane cipherstring, but it works.<br>
<br>
Compared to the current Cipherstring B this yield the following result<br>
in testing:<br>
<a href="http://nopaste.narf.at/compare/p2uTJ8Gi7RGpBktp6nTr/bY1GlbqLyNZhUO27MG5B/" target="_blank">http://nopaste.narf.at/compare/p2uTJ8Gi7RGpBktp6nTr/bY1GlbqLyNZhUO27MG5B/</a><br>
<span class="HOEnZb"><font color="#888888"><br>
Aaron<br>
<br>
</font></span></blockquote></div><br></div>