Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cipher sort order #48

Closed
mjaix opened this issue Jul 26, 2019 · 3 comments
Closed

Cipher sort order #48

mjaix opened this issue Jul 26, 2019 · 3 comments

Comments

@mjaix
Copy link

@mjaix mjaix commented Jul 26, 2019

First, thanks for the great tool.

With the major change in July 2019 (supporting TLS 1.3 etc.), the sort order of the ciphers (that is, the server-side preference list) seems to have changed somehow.
In contrast to the old sorting, ciphers with AES128 are now listed before their AES256 equivalents.
What is the root cause for this change?
Would it make sense to make the sort criterion selectable (like "strongest first" or "highest-performing first")?

@april

This comment has been minimized.

Copy link
Collaborator

@april april commented Jul 30, 2019

This is really only applicable in the old setting, since Modern and Intermediate let the client choose the cipher. For the old setting, we have leaned towards faster, and AES-256 is not appreciably more secure than AES-128.

@rmtbs

This comment has been minimized.

Copy link

@rmtbs rmtbs commented Jul 30, 2019

Hi,
Thanks for the great tool too, it's doing a really important job offering easy and safe recommendations.

I am wondering too about why the server order for the ciphers is disabled. I couldn't find a rationale in the docs or on the wiki. Did I miss something?

@april

This comment has been minimized.

Copy link
Collaborator

@april april commented Jul 30, 2019

It talks about it both in the Modern and Intermediate sections of the wiki:

• The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES

:)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.