On 27/02/2019 16:33, Sam Roberts wrote:
> On Tue, Feb 26, 2019 at 8:42 AM Matt Caswell <matt@xxxxxxxxxxx> wrote:
>>> What about AEAD ciphers? Are they considered "stitched"?
>>
>> No, they are not "stitched" but they are not impacted by this issue. We should
>> probably make that clearer in the advisory.
>
> That would be helpful!

It has been updated:

https://www.openssl.org/news/secadv/20190226.txt

> Even though this is fixed, would the general advice still be "avoid
> CBC in favour of AESCCM and AESGCM when using TLS1.2"? Or update to
> TLS1.3.

IMO, and in order:

- TLSv1.3 is preferable to TLSv1.2
- in TLSv1.2 forward secret ciphersuites are preferable to non-forward secret ones
- in TLSv1.2 using an AEAD based ciphersuite is preferable to a CBC one

Probably there is a whole bunch of other stuff that should be added to that list
- but I'm sure others will chip in with their advice :-)

Matt
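The preference order in the message above, applied to OpenSSL cipher suite names and to a Python `ssl` context, as an added example that is not part of the original message or of OpenSSL. The tier names, the name-based classification and the cipher string `ECDHE+AESGCM:ECDHE+CHACHA20` are assumptions of this example, as is reading "in order" as a strict priority (forward secrecy before AEAD).

```python
import ssl

# Tiers in the order given in the message (lower is better). Assumed reading:
# forward secrecy is weighed before AEAD-vs-CBC within TLSv1.2.
TLS13, FS_AEAD, FS_NON_AEAD, NONFS_AEAD, NONFS_NON_AEAD = range(5)
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")

def rank_suite(name: str) -> int:
    """Rank an OpenSSL-style suite name (heuristic based on the name only)."""
    if name.startswith("TLS_"):          # OpenSSL names TLSv1.3 suites TLS_*
        return TLS13
    forward_secret = name.startswith(("ECDHE-", "DHE-"))
    aead = any(marker in name for marker in AEAD_MARKERS)
    if forward_secret:
        return FS_AEAD if aead else FS_NON_AEAD   # CBC suites land in *_NON_AEAD
    return NONFS_AEAD if aead else NONFS_NON_AEAD

def preferred_order(names):
    """Sort suite names from most to least preferred (stable within a tier)."""
    return sorted(names, key=rank_suite)

def hardened_context() -> ssl.SSLContext:
    """Client context: TLSv1.2 minimum, TLSv1.2 limited to forward-secret AEAD."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # This string only affects TLSv1.2 and below; TLSv1.3 suites stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def audit(ctx: ssl.SSLContext):
    """Return enabled suites that rank below the forward-secret AEAD tier."""
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if rank_suite(c["name"]) > FS_AEAD)

# Constructed sample of suite names, one per tier, in arbitrary order.
SAMPLE = ["AES128-SHA", "ECDHE-RSA-AES128-SHA", "TLS_AES_128_GCM_SHA256",
          "AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    for suite in preferred_order(SAMPLE):
        print(rank_suite(suite), suite)
    print("suites below FS+AEAD in hardened context:", audit(hardened_context()))
```

Running `audit()` against a context built from a server's or client's real configuration lists any remaining CBC or non-forward-secret suites.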