[Cryptography] What TLS ciphersuites are still OK?

Alan Braggins alan.braggins at gmail.com
Wed Sep 11 05:54:19 EDT 2013

On 10/09/13 15:58, james hughes wrote:
> On Sep 9, 2013, at 9:10 PM, Tony Arcieri <bascule at gmail.com
> <mailto:bascule at gmail.com>> wrote:
>> On Mon, Sep 9, 2013 at 9:29 AM, Ben Laurie <ben at links.org
>> <mailto:ben at links.org>> wrote:
>>     And the brief summary is: there's only one ciphersuite left that's
>>     good, and unfortunately its only available in TLS 1.2:
>> A lot of people don't like GCM either ;)
> Yes, GCM does have implementation sensitivities particularly around the
> IV generation. That being said, the algorithm is better than most and
> the implementation sensitivity obvious (don't ever reuse an IV).

I think the difficulty of getting a fast constant time implementation on
platforms without AES-NI type hardware support are more of a concern.

More information about the cryptography mailing list