On Fri, Aug 8, 2008 at 1:12 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > mozilla wrote, On 2008-08-08 12:31: >> Some have groused that the ordering of cipher suites has an bias against >> FIPS. For example, Camelia and RC4 seem to be prefered over AES. Is the >> rationale for the ordering documented or explained somewhere? My guess is >> that speed was a consideration. > > There is an official explanation somewhere. Perhaps Wan-Teh knows the URL.
The explanation is a comment in the source file sslenum.c: http://mxr.mozilla.org/security/source/security/nss/lib/ssl/sslenum.c#47 47 /* 48 * The ciphers are listed in the following order: 49 * - stronger ciphers before weaker ciphers 50 * - national ciphers before international ciphers 51 * - faster ciphers before slower ciphers 52 * 53 * National ciphers such as Camellia are listed before international ciphers 54 * such as AES and RC4 to allow servers that prefer Camellia to negotiate 55 * Camellia without having to disable AES and RC4, which are needed for 56 * interoperability with clients that don't yet implement Camellia. 57 */ See our previous discussion of this issue in the bug report https://bugzilla.mozilla.org/show_bug.cgi?id=430875 Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
