freebsd security - Jul 2012 - OpenSSL on 9.0-RELEASE-p3 using Camellia as default TLS cipher?

Hi everyone,

I'm relatively new to running FreeBSD servers (a few months
experience, but mainly run Linux servers), and while setting up a few
apps on my server running 9.0-RELEASE-p3, such as Twisted and nginx, I
noticed that FreeBSD's OpenSSL implementation seems to default to the
Camellia cipher for TLS connections. I was wondering if this was by
design or accident? I find it odd that a less well-known cipher with
less cryptanalysis performed against it is picked over the well known,
hardware accelerated and well tested AES cipher, even if they are of
similar design.

Thanks,

--
Michael Holmes

Michael,

I think you'll find that the cipher selection is based on negotiation
between the client & server.  Perhaps if you examine the config files, or
ascertain the defaults of the applications being used, you'll be able to
pin-point the reason for the selection.

Regards, Dewayne.