>>>>> "DM" == Damien Miller <djm at mindrot.org> writes:

DM> Evidence? openssl/crypto/modes/gcm128.c is full of array operations
DM> that look decidedly non-constant time to me.

[Apologies for the delay.]

Then it seems that the articles which favoured gcm presumed that it
would only get use with aesni or equivalent, or that I misread the
authors' intent. :(

An alternative would be an easy way to specify a preferred option for
configs Ciphers, KexAlgorithms and/or MACs without disabling the
defaults and without having to re-specify all of them.

It might take the form of a string, such as DEFAULT, which expands to
the default list or something like preferredCiphers, preferredKex and
preferredMACs which, if set, are tried first.

The ability to prefer a given algorithm set w/o blocking connections to
hosts which cannot handle that set is useful. Doing so w/o having to
duplicate the full list in the config file is even better.

-JimC
--
James Cloos <cloos at jhcloos.com>         OpenPGP: 1024D/ED7DAEA6
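Added example, not part of the original message and not OpenSSH code: a sketch of the proposed DEFAULT token for a Ciphers list, combined with the RFC 4253 rule that the negotiated cipher is the first name on the client's list that the server also offers. The `expand` and `negotiate` helpers are hypothetical, and the default and server lists are constructed samples, not OpenSSH's actual defaults.

```python
# Constructed stand-in for a built-in default list (assumption: not the
# real OpenSSH default order, only real algorithm names).
SAMPLE_DEFAULT_CIPHERS = [
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
]

def expand(spec, defaults):
    """Expand a comma-separated list in which the hypothetical token
    DEFAULT stands for the built-in list. The first occurrence of a name
    wins, so names written before DEFAULT keep their preferred position."""
    out = []
    for token in spec.split(","):
        token = token.strip()
        if not token:
            continue
        for name in (defaults if token == "DEFAULT" else [token]):
            if name not in out:
                out.append(name)
    return out

def negotiate(client_list, server_list):
    """RFC 4253 section 7.1 rule for ciphers: pick the first algorithm on
    the client's list that is also on the server's list, else fail."""
    offered = set(server_list)
    for name in client_list:
        if name in offered:
            return name
    return None

# Constructed sample servers: one without GCM, one with it.
LEGACY_SERVER = ["aes128-ctr", "aes256-ctr"]
MODERN_SERVER = ["aes128-ctr", "aes256-ctr", "aes256-gcm@openssh.com"]

def demo():
    preferred = expand("aes256-gcm@openssh.com,DEFAULT", SAMPLE_DEFAULT_CIPHERS)
    pinned = expand("aes256-gcm@openssh.com", SAMPLE_DEFAULT_CIPHERS)
    return {
        "preferred_vs_modern": negotiate(preferred, MODERN_SERVER),
        "preferred_vs_legacy": negotiate(preferred, LEGACY_SERVER),
        "pinned_vs_legacy": negotiate(pinned, LEGACY_SERVER),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Listing only the preferred cipher fails against the host without GCM, while the same cipher followed by DEFAULT falls back to a CTR mode there.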