[Ach] Vote for new Cipherstring B [Was: Issue with OpenSSL >0.9.8l]

Aaron Zauner azet at azet.org
Tue May 13 00:34:54 CEST 2014


Another thing to note is that there are not preferences specified for MACs
(SHA static for old OpenSSL versions).
But I think this is acceptable since nothing better was supported in those
versions/TLS back then anyway. Correct me if I'm wrong.


Aaron


On Tue, May 13, 2014 at 12:22 AM, Aaron Zauner <azet at azet.org> wrote:

> Argh. I forgot about ECDHE based ciphersuites and the ordering of
> CAMELLIA vs. AES and their respective bit-lenghts.
>
> ```
>
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA:ECDHE-RSA-AES128-SHA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ```
>
> This is an insane cipherstring, but it works.
>
> Compared to the current Cipherstring B this yield the following result
> in testing:
> http://nopaste.narf.at/compare/p2uTJ8Gi7RGpBktp6nTr/bY1GlbqLyNZhUO27MG5B/
>
> Aaron
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140513/a9d597cc/attachment.html>


More information about the Ach mailing list