> I generally agree, though we just added one small exception to NSS, and > have been discussing another for a while now: Respecting client preference > for ChaCha over GCM makes a real difference for clients that don't have AES- > NI.
Yes, a number of net companies do this (Google, CloudFlare, Akamai and no doubt others). OpenSSL will support something like this in a future release (boringSSL has "equivalence classes" but the syntax and limitations aren't great). But it doesn't matter -- it's still the server choosing what to do :) -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: [email protected] Twitter: RichSalz _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
