|
|
|
|
|
|
by edwintorok
4217 days ago
|
|
|
I like the alternative described here: https://www.imperialviolet.org/2014/02/27/tlssymmetriccrypto... "The end result is that Chrome talking to Google uses AES-GCM if there's hardware support at the client and ChaCha20-Poly1305 otherwise." It seems to be specific to Chrome though, and all TLS clients would have to reimplement that choice.
Would be good if there was a way to tell the SSL library to give you the best cipher that works on your hardware
(i.e. don't give AES-GCM/AES-CBC when there is no hardware support and the software implementation isn't constant time). |
|
|