Michael Holmes
2012-Jul-08 03:40 UTC
OpenSSL on 9.0-RELEASE-p3 using Camellia as default TLS cipher?
Hi everyone,
I'm relatively new to running FreeBSD servers (a few months' experience, but mainly run Linux servers), and while setting up a few apps on my server running 9.0-RELEASE-p3, such as Twisted and nginx, I noticed that FreeBSD's OpenSSL implementation seems to default to the Camellia cipher for TLS connections. I was wondering if this was by design or accident? I find it odd that a less well-known cipher with less cryptanalysis performed against it is picked over the well-known, hardware-accelerated and well-tested AES cipher, even if they are of similar design.
Thanks,
--
Michael Holmes
Dewayne Geraghty
2012-Jul-09 02:34 UTC
OpenSSL on 9.0-RELEASE-p3 using Camellia as default TLS cipher?
Michael,
I think you'll find that the cipher selection is based on negotiation between the client & server. Perhaps if you examine the config files, or ascertain the defaults of the applications being used, you'll be able to pinpoint the reason for the selection.
Regards, Dewayne.
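The negotiation mentioned in the reply above, as an added example that is not part of the original thread: a small model of how an OpenSSL-based server picks a suite for TLS 1.2 and earlier, showing that the same server ends up on Camellia or AES depending on whose ordering is honoured. The suite lists are constructed for illustration and are not the actual defaults of FreeBSD 9.0, Twisted, nginx or any client.

```python
# Model of TLS (<= 1.2) cipher-suite selection in an OpenSSL-based server.
# All suite lists are constructed samples, not captured from a real system.

def negotiate(client_offer, server_enabled, server_preference=False):
    """Return the suite the server would select, or None if none is shared.

    client_offer:      suites in the client's preference order (ClientHello)
    server_enabled:    suites in the server's configured order
    server_preference: True models SSL_OP_CIPHER_SERVER_PREFERENCE
                       (in nginx: ssl_prefer_server_ciphers on)
    """
    if server_preference:
        ordered, other = server_enabled, set(client_offer)
    else:
        # Default behaviour: the client's ordering decides.
        ordered, other = client_offer, set(server_enabled)
    return next((suite for suite in ordered if suite in other), None)

def without(suites, keyword):
    """Model a cipher string exclusion such as '!CAMELLIA'."""
    return [s for s in suites if keyword not in s]

# Constructed server list: AES ranked ahead of Camellia.
SERVER = ["DHE-RSA-AES256-SHA", "DHE-RSA-CAMELLIA256-SHA",
          "AES256-SHA", "CAMELLIA256-SHA", "AES128-SHA"]
# Constructed client that happens to rank Camellia first.
CLIENT_CAMELLIA_FIRST = ["DHE-RSA-CAMELLIA256-SHA", "DHE-RSA-AES256-SHA",
                         "CAMELLIA256-SHA", "AES256-SHA"]
# Constructed client that ranks AES first.
CLIENT_AES_FIRST = ["DHE-RSA-AES256-SHA", "AES256-SHA",
                    "DHE-RSA-CAMELLIA256-SHA"]

if __name__ == "__main__":
    cases = [
        ("client order, Camellia-first client",
         negotiate(CLIENT_CAMELLIA_FIRST, SERVER)),
        ("client order, AES-first client",
         negotiate(CLIENT_AES_FIRST, SERVER)),
        ("server preference enforced",
         negotiate(CLIENT_CAMELLIA_FIRST, SERVER, server_preference=True)),
        ("server excludes Camellia",
         negotiate(CLIENT_CAMELLIA_FIRST, without(SERVER, "CAMELLIA"))),
    ]
    for label, suite in cases:
        print(f"{label:40s} -> {suite}")
```

To compare against a real server, list what it has enabled with `openssl ciphers -v` and check whether the application sets server-side preference.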