mozilla wrote, On 2008-08-08 12:31: > Some have groused that the ordering of cipher suites has an bias against > FIPS. For example, Camelia and RC4 seem to be prefered over AES. Is the > rationale for the ordering documented or explained somewhere? My guess is > that speed was a consideration.
There is an official explanation somewhere. Perhaps Wan-Teh knows the URL. Obviously, the major preference is for symmetric cipher key size, with all 256 bit ciphers coming first, then 128, etc. However, many cipher suites have the same symmetric key size. Within cipher suites with the same symmetric key size, preference was given - to ephemeral key establishment algorithms (ECDHE, DHE) over static ones - to ECC over RSA, and RSA over DSS (as signature algs) - to performance (explains RC4) - to ciphers preferred only in one nation, over those generally desired. Regarding that last point, some cipher suites are expected to be highly desired in some nations (such as Camellia in Japan and SEED in South Korea) and not much desired in other nations. NSS disables all the supported nation-specific cipher suites by default, and expects that applications will leave them disabled by default, and that users in the nations that want them will enable them. However, PSM in the FF3 browser apparently has enabled them all by default. That's out of the NSS team's hands. It's a browser decision. People who have FIPS requirements are expected to disable all cipher suites except those that use FIPS algorithms. That's explicitly stated in the documentation for the FIPS validated NSS PKCS#11 module. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
