[gnutls-dev] 256 bit ciphers

Simon Josefsson simon at josefsson.org
Sat Oct 13 21:53:02 CEST 2007

Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> writes:

> Hello,
>  I think the 256 ciphers offer no more in security than their 128 bit
> equivalents and they are in general slower. Thus I think it would be a good
> idea to remove them from the default priority lists. Are there any objections
> or good reason to keep them?

The gnutls_set_default_export_priority function is the same both for
clients and servers, and while it may make sense to only use 128 bits by
default in clients, not supporting 256 bits in servers seems
problematic.  What if a client supports AES-256 and ARCFOUR-128 connects
to a GnuTLS server with default settings?  Then they would end up with
ARCFOUR-128 which seems bad.

There should probably had been two "default" functions, one for clients
and one for servers, since the defaults may be different.  It may be too
late to change that.

Btw, it is difficult for applications to use the default GnuTLS plus
some minor change.  I mean, if an application wants to use the defaults
plus AES-256, he must copy the entire cipher list from GnuTLS and add it
back using gnutls_cipher_set_priority.  OpenSSL have these
ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH strings (see 'man ciphers') but I'm
not sure it is a good idea.


More information about the Gnutls-devel mailing list