Re: [gnutls-dev] 256 bit ciphers

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gnutls-dev] 256 bit ciphers

From:	Nikos Mavrogiannopoulos
Subject:	Re: [gnutls-dev] 256 bit ciphers
Date:	Mon, 15 Oct 2007 00:24:32 +0300
User-agent:	KMail/1.9.6 (enterprise 0.20070907.709405)

On Saturday 13 October 2007, Simon Josefsson wrote:
> Nikos Mavrogiannopoulos <address@hidden> writes:
> > Hello,
> >  I think the 256 ciphers offer no more in security than their 128 bit
> > equivalents and they are in general slower. Thus I think it would be a
> > good idea to remove them from the default priority lists. Are there any
> > objections or good reason to keep them?
>
> The gnutls_set_default_export_priority function is the same both for
> clients and servers, and while it may make sense to only use 128 bits by
> default in clients, not supporting 256 bits in servers seems
> problematic.  What if a client supports AES-256 and ARCFOUR-128 connects
> to a GnuTLS server with default settings?  Then they would end up with
> ARCFOUR-128 which seems bad.
> There should probably had been two "default" functions, one for clients
> and one for servers, since the defaults may be different.  It may be too
> late to change that.

Indeed. Yes maybe it is a good idea for the default ciphers to contain all the 
strong supported ciphers.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

[gnutls-dev] 256 bit ciphers, Nikos Mavrogiannopoulos, 2007/10/12
- Re: [gnutls-dev] 256 bit ciphers, Simon Josefsson, 2007/10/13
  - Re: [gnutls-dev] 256 bit ciphers, Nikos Mavrogiannopoulos <=
- Re: [gnutls-dev] 256 bit ciphers, Simon Josefsson, 2007/10/13

Prev by Date: Re: [gnutls-dev] GnuTLS 2.1.2
Next by Date: [gnutls-dev] GnuTLS 2.1.3
Previous by thread: Re: [gnutls-dev] 256 bit ciphers
Next by thread: Re: [gnutls-dev] 256 bit ciphers
Index(es):
- Date
- Thread