On Tue, Feb 26, 2019 at 8:42 AM Matt Caswell <matt@xxxxxxxxxxx> wrote: > > What about AEAD ciphers? Are they considered "stitched"? > > No, they are not "stitched" but they are not impacted by this issue. We should > probably make that clearer in the advisory. That would be helpful! Even though this is fixed, would the general advice still be "avoid CBC in favour of AESCCM and AESGCM when using TLS1.2"? Or update to TLS1.3.