From: Michael Holmes
To: freebsd-security
Date: Sun, 8 Jul 2012 04:40:29 +0100
Subject: OpenSSL on 9.0-RELEASE-p3 using Camellia as default TLS cipher?

Hi everyone,

I'm relatively new to running FreeBSD servers (a few months' experience, but mainly run Linux servers), and while setting up a few apps on my server running 9.0-RELEASE-p3, such as Twisted and nginx, I noticed that FreeBSD's OpenSSL implementation seems to default to the Camellia cipher for TLS connections.

I was wondering if this was by design or accident? I find it odd that a less well-known cipher with less cryptanalysis performed against it is picked over the well-known, hardware-accelerated and well-tested AES cipher, even if they are of similar design.

Thanks,
--
Michael Holmes