On Mon, Nov 18, 2013 at 06:47:08PM -0800, Wan-Teh Chang wrote: > On Mon, Nov 18, 2013 at 4:57 PM, Brian Smith <br...@briansmith.org> wrote: > > > > Also, AES implementations are highly optimized, well-audited, > > well-tested, and are more likely to be side-channel free. Camellia > > doesn't get used very often. Yet, some websites (most famously, > > Yahoo!), prefer Camellia over AES, even when we offer AES at higher > > priority in the handshake. > > There must be a misunderstanding. NSS offers Camellia at higher > priority than AES in the ClientHello.
Yes, in the current stable version camellia is often negiotiated if the server supports it because it's almost always above the AES ciphers in the list. The biggest exception to that is ECDHE, because there is no camellia cipher of that. I think that the new order makes more sense, and at least in aurora the order has changed now. Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
