Message 272753 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	Lukasa, alex, christian.heimes, dstufft, giampaolo.rodola, hynek, janssen
Date	2016-08-15.12:12:43
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<a2a6ee27-acb8-2faa-a36c-49928afd098a@cheimes.de>
In-reply-to	<1471259355.13.0.807885563493.issue27766@psf.upfronthosting.co.za>

Content
On 2016-08-15 13:09, Alex Gaynor wrote: > > Alex Gaynor added the comment: > > So, for servers really what we care about is if the _client_ has PCLMULQDQ/AESNI, not whether the server itself does. Unfortunately, there's no sane way to do this. For servers we want to prefer CHACHA20 over AESGCM iff both sides have AES-NI and CLMUL. A server on a device such as a RPi benefits from CHACHA20, too. For that reason I also changed the server side cipher string. As you already said, there is no way to express this with OpenSSL cipher suite string.

On 2016-08-15 13:09, Alex Gaynor wrote:
> 
> Alex Gaynor added the comment:
> 
> So, for servers really what we care about is if the _client_ has PCLMULQDQ/AESNI, not whether the server itself does. Unfortunately, there's no sane way to do this.

For servers we want to prefer CHACHA20 over AESGCM iff both sides have
AES-NI and CLMUL. A server on a device such as a RPi benefits from
CHACHA20, too. For that reason I also changed the server side cipher string.

As you already said, there is no way to express this with OpenSSL cipher
suite string.

History
Date	User	Action	Args
2016-08-15 12:12:43	christian.heimes	set	recipients: + christian.heimes, janssen, giampaolo.rodola, alex, hynek, dstufft, Lukasa
2016-08-15 12:12:43	christian.heimes	link	issue27766 messages
2016-08-15 12:12:43	christian.heimes	create