[issue20995] Use Better Default Ciphers for the SSL Module
Antoine Pitrou
report at bugs.python.org
Wed Apr 23 15:34:11 CEST 2014
Antoine Pitrou added the comment:
> For any device that has hardware support for AES (AES-NI) AES-GCM is
> hands down a better choice of cipher. It is secure, has no issues in
> the spec itself, and it is *fast*, like 900MB/s for AES-128-GCM on a
> Sandy Bridge Xeon w/ AES-NI (ChaCha20Poly1305 got 500MB/s on the same
> hardware, however it is a 256bit cipher will AES-128-GCM is a 128 bit
> cipher). Using ChaCha20 on those devices would be a worse choice than
> AES-GCM.
I think performance isn't really relevant, except perhaps on very busy
servers. A smartphone acting as a *client* certainly shouldn't need to
download 20 MB/s of encrypted data.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20995>
_______________________________________
More information about the Python-bugs-list
mailing list