Support client preferred cipher order
Opened this issue · 5 comments
Currently, onCipherChoosing
only receives ciphers in the server's preferred order, making it impossible to support client preferred cipher order (as Apache does via SSLHonorCipherOrder off
). Mozilla's TLS guidelines recommend that client-preferred ciphers be used when no weak ciphers are present, so we should add an option to do this.
We can have an option for this but I'm not sure this is so useful.
The client may have better crypto implementation than the server.
I'm not sure how that makes it not so useful.
The recommendation implicitly assumes the server is more likely to have hardware acceleration. But it's not necessarily true, the build mechanisms do not do a great job at auto-enabling what the platform can provide. As of now for example optimized GCM is hidden behind a cabal flag and AESNI is not available on Windows.
In general, servers don't care that much about power consumption, and have a lot of beefy CPUs. Clients can be phones, smart watches, or IoT devices, though, which have much tighter power requirements (due to battery drain) and less spare CPU. Because of this, if the client doesn't have AES acceleration (even if the server does), I'd prefer that it get to use ChaCha20.
OK, a PR is welcome if there are end users impacted by this.