From owner-freebsd-security@FreeBSD.ORG  Sun Jul  8 03:40:36 2012
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id AED42106564A
	for <freebsd-security@freebsd.org>;
	Sun,  8 Jul 2012 03:40:36 +0000 (UTC)
	(envelope-from holmesmich@gmail.com)
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com
	[209.85.212.170])
	by mx1.freebsd.org (Postfix) with ESMTP id 41C7D8FC14
	for <freebsd-security@freebsd.org>;
	Sun,  8 Jul 2012 03:40:36 +0000 (UTC)
Received: by wibhq12 with SMTP id hq12so1734794wib.1
	for <freebsd-security@freebsd.org>;
	Sat, 07 Jul 2012 20:40:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:content-type; bh=LUxLTgklnaIgzyeCqsafOFv4t33Dgm3wLIslRHnCvdk=;
	b=Jqx/tIdjJ7sgr0O1W4mJiaR0r3SIh+RTMnII9DH/X1YqpW622sh6Fm7UIRZcl2f3vA
	eien+fcvFzYcKDZfrwcLR9Ky9WBMyYvYNE7uHp9hi2sUkAVPcD2UAquz9NzSu7wmhg28
	Yr6MIs00vEFtFVzt81GDErb28Vfap+VAMfHIA3bcU/vq0IMhoa3mMylGBUeeL96eYIm9
	m8bYKbb6iQYFtKplMTcYDXRHtKMUX050DXuNbim6irGkWBdEbc/2KLopqseAGXgRrsuq
	vTkV1FBE397KbJWH90RXYVqhC4WTm1LIfvzlgT5ALVO1iJeB5KXqvfUGbQ24q74i1V7S
	uwJQ==
MIME-Version: 1.0
Received: by 10.180.93.68 with SMTP id cs4mr19256391wib.14.1341718829412; Sat,
	07 Jul 2012 20:40:29 -0700 (PDT)
Received: by 10.216.229.93 with HTTP; Sat, 7 Jul 2012 20:40:29 -0700 (PDT)
In-Reply-To: <CAPoyk0jNebpChWRgoA4npgkzvR60tZ9rTgM4ZwQwxrk899946Q@mail.gmail.com>
References: <CAPoyk0jNebpChWRgoA4npgkzvR60tZ9rTgM4ZwQwxrk899946Q@mail.gmail.com>
Date: Sun, 8 Jul 2012 04:40:29 +0100
Message-ID: <CAPoyk0hLp2OH3e19fwWY+urda_CTLsQt_ZNjugpgJbnimEgPxA@mail.gmail.com>
From: Michael Holmes <holmesmich@gmail.com>
To: freebsd-security <freebsd-security@freebsd.org>
Content-Type: text/plain; charset=UTF-8
Subject: OpenSSL on 9.0-RELEASE-p3 using Camellia as default TLS cipher?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Jul 2012 03:40:36 -0000

Hi everyone,

I'm relatively new to running FreeBSD servers (a few months
experience, but mainly run Linux servers), and while setting up a few
apps on my server running 9.0-RELEASE-p3, such as Twisted and nginx, I
noticed that FreeBSD's OpenSSL implementation seems to default to the
Camellia cipher for TLS connections. I was wondering if this was by
design or accident? I find it odd that a less well-known cipher with
less cryptanalysis performed against it is picked over the well known,
hardware accelerated and well tested AES cipher, even if they are of
similar design.

Thanks,

--
Michael Holmes