openssl icon indicating copy to clipboard operation
openssl copied to clipboard
verified publisher icon PeterMosmans

CCM/CCM8 ciphers?

Open drwetter opened this issue 10 years ago • 2 comments

Hi Peter,

any timeline for CCM ciphers? 1.1.0 lists 20 additional ones.

Cheers, Dirk

drwetter avatar Sep 25 '15 22:09 drwetter

So, I looked around at the ciphers and newly added code. Theoretically I could 'backport' the CCM ciphers from the master branch into the 1.0.2-chacha branch. However, this means that these ciphers won't get updates automatically, and will make the merging process more difficult. I could also apply the custom patches from 1.0.2-chacha to the master branch, and keep that version up to date.

Not sure which path is the least painless... let me think some more about this...

PeterMosmans avatar Oct 12 '15 06:10 PeterMosmans

Hi @PeterMosmans,

thx for looking into it! Yes, you're right. This is a more a strategic question, I guess.

In the long run probably a 1.1.0 chacha-pm branch would be the best (I see 1.1.dev doesn't contain the chacha/poly ciphers).

BTW: Just out of curiosity I ran openssl 1.1 against a few site with testssl.sh -- also it would require some work for testssl.sh. And -- attention sarcasm -- of course the current 1.1 is even more secure. ;-) E.g. it requires at least 1024 DH ciphers at the server, amongst other things.

For me it would become important when CCM ciphers will be more deployed on the server side. Currently I don't have any statistics (how should I?) but I of course want to be ahead of time -- before it'll be deployed.

Cheers, Dirk

drwetter avatar Oct 12 '15 07:10 drwetter