[Ach] Cipher-Order: AES128/AES256 - was: Secure E-Mail Transport based on DNSSec/TLSA/DANE

L. Aaron Kaplan kaplan at cert.at
Tue Nov 3 23:17:40 CET 2015


> On 03 Nov 2015, at 23:08, Gunnar Haslinger <gh.bettercrypto at hitco.at> wrote:
> 
> Am 03.11.2015 um 22:38 schrieb Aaron Zauner:
>> I recommend double-checking a cipherstring recommendation against
>> 
>> *all* 0.9.8 and 1.0.1 branches.
> 
> OK ... thats harder than I expected.
> But than it seems to be unsolvable for me to get a predictable situation by recommending a fixed "Cipher Suite B" String.
> 
> Maybe the recommendation should not be a fixed CipherString but a OpenSSL/Distri-specific String?
> 

This comes back to our idea for bettercrypto which we had ~ a year ago (or even longer ;-) - to make a drop down menu website where you select your OS, your distri version, ssl lib version and clients you want to support -> click “generate cipher string” and there you go.

However, this is probably needs some kind of automatic regression/compatibility testing.

> Or maybe it's possible to write a Script which checks out what OpenSSL offers on this specific platform and "brute-force-tests" with the very common configuration-Options what fits best against to be defined "BetterCrypto-Rules”?Maybe.


Maybe.
How much work can it be?

> 

> 
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20151103/78a8e86f/attachment.sig>


More information about the Ach mailing list