[wfunction]

> I would suggest the standard cipher first. Because, if the home brewed one is used first, it may leak information over side channels.

Ahh! I remember realizing this once but then I completely forgot about it. It's a good point, thanks for mentioning it. The thing to note here though is that the only side-channel attack here is the time taken for the encryption to occur, since we're talking about networks (and not physical penetration of the system's environment)... which is admittedly nontrivial to defend against with modern CPUs, but which is not quite as hard to do as it might seem, if by side channel people think of the same thing I normally do (e.g. E/M waves from the monitor or something).

So maybe apply a standard layer initially, add your custom layers, then top it off with another standard layer?

> Another concern is that if the home made cipher creates a cipher text with differing lengths depending on the content of the plain text

I guess I assumed it was obvious you would never do this because it's common sense if you know even basic cryptography, and as far as I know, this is literally the only possible failure mode with regards to information leakage in the ciphertext itself, so it's not like you have to worry about other similar situations either. (But do correct me if I'm wrong.)