On 08/26/2016 12:44 AM, Bob Beck wrote: > On Thursday, 25 August 2016, Ted Unangst <t...@tedunangst.com> wrote: >> Andreas Bartelt wrote: >>> On 08/25/16 15:58, Brent Cook wrote: >>>> No objection here. Anyone else? >>>> >>> >>> in general, I personally would only add further cryptographic primitives >>> to a TLS configuration in case they provide sufficiently distinctive >>> advantages over the already available primitives. I don't see this for >>> Camellia since it doesn't seem to provide any better trade-offs than >>> AES. Or am I missing something here? >> >> Oh, I don't think we should add this to any default config. But the option >> should be available for users to configure. >> > > yes on both counts >
Just for clarification this means the patch is ok? Or do you think we should change >>>>> + .algo_strength = SSL_HIGH, to + .algo_strength = SSL_MEDIUM, for the cipher suits to reflect that the implementation didn't have the same support like DES CBC3, GOST, AES or ChaCha20? I am now starting with Camellia GCM suits.