CCM/CCM8 ciphers?
Opened this issue · 2 comments
Hi Peter,
any timeline for CCM ciphers? 1.1.0 lists 20 additional ones.
Cheers, Dirk
So, I looked around at the ciphers and newly added code. Theoretically I could 'backport' the CCM ciphers from the master branch into the 1.0.2-chacha branch. However, this means that these ciphers won't get updates automatically, and will make the merging process more difficult.
I could also apply the custom patches from 1.0.2-chacha to the master branch, and keep that version up to date.
Not sure which path is the least painless... let me think some more about this...
Hi @PeterMosmans,
thx for looking into it! Yes, you're right. This is a more a strategic question, I guess.
In the long run probably a 1.1.0 chacha-pm branch would be the best (I see 1.1.dev doesn't contain the chacha/poly ciphers).
BTW: Just out of curiosity I ran openssl 1.1 against a few site with testssl.sh -- also it would require some work for testssl.sh. And -- attention sarcasm -- of course the current 1.1 is even more secure. ;-) E.g. it requires at least 1024 DH ciphers at the server, amongst other things.
For me it would become important when CCM ciphers will be more deployed on the server side. Currently I don't have any statistics (how should I?) but I of course want to be ahead of time -- before it'll be deployed.
Cheers, Dirk