Add and enable AES CCM ciphers #271
Would you show the document that says CCM is stronger than GCM?
I don't think there is. But 256 is stronger than 128, isn't it?
Oh. I didn't notice the bit sizes. Probably you are right. BTW, do you know why GCM is used instead of CCM in the mainstream such as HTTP/2?
CCM needs two AES operations per block, so it is twice as slow.
@ocheron Thank you for the explanation! I did not know it.
Ping @vdukhovni
Given the performance impact, I'm reluctant to say that CCM is sufficiently stronger over GCM to justify the preference. But I am not a cryptographer. This question is better for the cryptography list: http://www.metzdowd.com/mailman/listinfo/cryptography
See also: https://tools.ietf.org/html/draft-ietf-tls-iana-registry-updates-04#section-9
A more focused forum for such a question may be the TLS working group.
Our current implementation of GCM is not sufficiently optimised, so it's even possible that 2 block encryptions are currently faster than 1 block encryption + 1 GFmul.
👍 Nice addition, and thanks for keeping track of haskell-ci/travis stuff too!
Any appetite for removing CCM8? I think it is not recommended for TLS.
I included CCM8 mainly because there is a cipher defined in the TLS 1.3 draft.
@vdukhovni Any references which suggest that CCM8 is not recommended for TLS?
No reason to hold this any longer now that cryptonite-0.25 is in lts.
@vdukhovni Can you look if I got the order of ciphersuites right?
Basically, in ciphersuite_strong I prioritize AES256CCM over AES128GCM for security reasons.
In ciphersuite_default, the order is reversed for performance reasons.
CCM8 is only in ciphersuite_all because I don't believe it's often used. It's only half of an AEAD.