mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0

Cipher sort order #48

Closed mjaix closed 5 years ago

mjaix commented 5 years ago

First, thanks for the great tool.

With the major change in July 2019 (supporting TLS 1.3 etc.), the sort order of the ciphers (that is, the server-side preference list) seems to have changed somehow. In contrast to the old sorting, ciphers with AES128 are now listed before their AES256 equivalents. What is the root cause for this change? Would it make sense to make the sort criterion selectable (like "strongest first" or "highest-performing first")?

april commented 5 years ago

This is really only applicable in the old setting, since Modern and Intermediate let the client choose the cipher. For the old setting, we have leaned towards faster, and AES-256 is not appreciably more secure than AES-128.

rmtbs commented 5 years ago

Hi, Thanks for the great tool too, it's doing a really important job offering easy and safe recommendations.

I am wondering too about why the server order for the ciphers is disabled. I couldn't find a rationale in the docs or on the wiki. Did I miss something?

april commented 5 years ago

It talks about it both in the Modern and Intermediate sections of the wiki:

• The cipher suites are all strong and so we allow the client to choose, as they will know best if they have support for hardware-accelerated AES

:)
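The two policies discussed in this thread, as an added example (this is not code from ssl-config-generator or from either commenter): for the Old profile the server imposes an order and the question becomes which order, for Intermediate and Modern the server honours whatever order the client sends. The suite list below is a constructed sample of TLS 1.2 AEAD suites in OpenSSL notation, not a copy of any Mozilla profile. The "fastest" criterion encodes one assumption, that AES-128 is cheaper than AES-256 on the same hardware, and deliberately does not rank ChaCha20 against AES because that depends on whether the client has AES acceleration, which is exactly why the generator lets the client choose. The nginx directive names are real; the profile-to-directive mapping is this example's reading of the policy described above.

```python
"""Reorder an OpenSSL cipher-suite list by a chosen criterion and render
the nginx directives that express who gets to pick the suite.

Added example for this issue thread; not part of ssl-config-generator.
"""
import re

# Constructed sample list (OpenSSL names, TLS 1.2 AEAD suites only).
# Not any Mozilla profile's actual list.
SAMPLE_SUITES = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
]

_BULK_RE = re.compile(r"(AES128|AES256|CHACHA20)")
_KEY_BITS = {"AES128": 128, "AES256": 256, "CHACHA20": 256}


def bulk_key_bits(suite):
    """Symmetric key size in bits, taken from the bulk-cipher token of an
    OpenSSL suite name. Raises on anything outside the three tokens above
    so an unknown suite is never silently ranked."""
    m = _BULK_RE.search(suite)
    if m is None:
        raise ValueError("unrecognised bulk cipher in %r" % suite)
    return _KEY_BITS[m.group(1)]


def sort_suites(suites, criterion):
    """Return a new list ordered by the chosen criterion.

    'strongest': largest symmetric key first.
    'fastest'  : AES-128 first (10 rounds vs 14 for AES-256; assumption:
                 same hardware for both), everything else after it.
    sorted() is stable, so suites in the same tier keep the order the
    caller gave them (e.g. ECDSA before RSA).
    """
    if criterion == "strongest":
        return sorted(suites, key=lambda s: -bulk_key_bits(s))
    if criterion == "fastest":
        return sorted(suites, key=lambda s: 0 if bulk_key_bits(s) == 128 else 1)
    raise ValueError("criterion must be 'strongest' or 'fastest'")


def server_prefers(profile):
    """Who picks the suite under each profile, as described in the thread:
    only the Old profile has the server impose its list."""
    if profile == "old":
        return True
    if profile in ("intermediate", "modern"):
        return False
    raise ValueError("unknown profile %r" % profile)


def nginx_directives(profile, suites):
    """Render ssl_ciphers and ssl_prefer_server_ciphers for a profile.

    Old profile: server order wins, so the list is sorted fastest-first.
    Intermediate/Modern: the client's order wins, so the server-side
    order is left as given and is effectively advisory.
    """
    if server_prefers(profile):
        ordered = sort_suites(suites, "fastest")
        prefer = "on"
    else:
        ordered = list(suites)
        prefer = "off"
    return "ssl_ciphers %s;\nssl_prefer_server_ciphers %s;" % (
        ":".join(ordered), prefer)


if __name__ == "__main__":
    for crit in ("strongest", "fastest"):
        print(crit)
        for s in sort_suites(SAMPLE_SUITES, crit):
            print("  ", s)
    print(nginx_directives("old", SAMPLE_SUITES))
    print(nginx_directives("intermediate", SAMPLE_SUITES))
```

Swapping the criterion only changes the output for the Old profile; with `ssl_prefer_server_ciphers off` the list order carries no weight at the handshake, which is why a selectable sort would make no practical difference for Intermediate or Modern.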