[Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
Kurt Roeckx
kurt at roeckx.be
Thu Jan 2 21:51:34 CET 2014
On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
> > I *think* they want to prefer CAMELLIA to AES, judging by the published ciphersuite.
> > But the construction must be wrong because it returns AES first. If the intent is to
> > prefer Camellia, then I am most interesting in the rationale.
> Thanks for reporting this!
>
> Yes. The intent was to prefer Camellia where possible. First off we wanted to have more diversity. Second not everybody
> is running a sandybridge (or newer) processor. Camellia has better performance for non-intel processors with about the
> same security.
I know that for AES people having been putting an effort in making
this constant time. Having AES-NI clearly helps with this. I
can't say the same for Camellia and so think it doesn't make sense
to prefer it over AES.
NSS/Firefox currently still has Camellia as first non-ECDHE and
as result does use it for sites supporting it. But as far as I
know it's the only browser supporting it, and the next version is
going to prefer AES over Camellia all the time which resulted in
it's usage going from about 5% to as good as 0%.
There has also been talk about either disbaling it by default
or even dropping support for it but that currently didn't happen
yet.
Kurt
More information about the Ach
mailing list