Author christian.heimes
Recipients alex, christian.heimes, dstufft, giampaolo.rodola, gregory.p.smith, janssen, pitrou
Date 2016-08-25.07:36:42
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1472110603.52.0.902024853894.issue27768@psf.upfronthosting.co.za>
In-reply-to
Content
GPS, sure it is simple enough under Linux. But what about other operating systems? OPENSSL_ia32cap_loc() works under Windows, too.

Antoine, AES-GCM is still faster and performs better than ChaCha20 Poly1305. NSS and Mozilla's recommended cipher suite list prefers AES-GCM over ChaCha20, too. https://wiki.mozilla.org/Security/Server_Side_TLS

It's reasonable and simple to provide the best cipher suite that matches the systems' capabilities. As Alex stated, performance is security.

To provide the CPU capabilities to the ssl module and 3rd party authors (e.g. Cory asked on behalf of requests), let's keep ssl._ia32cap() a private function and just add two constants: HAVE_AESNI = True/False/None, HAVE_PCLMULQDQ = True/False/None (None: ia32cap is not available on the system). Is that ok with you?
History
Date User Action Args
2016-08-25 07:36:43christian.heimessetrecipients: + christian.heimes, gregory.p.smith, janssen, pitrou, giampaolo.rodola, alex, dstufft
2016-08-25 07:36:43christian.heimessetmessageid: <1472110603.52.0.902024853894.issue27768@psf.upfronthosting.co.za>
2016-08-25 07:36:43christian.heimeslinkissue27768 messages
2016-08-25 07:36:42christian.heimescreate