Hi, I do not see any reason to use CCM if we can use GCM. GCM is far better. I would explicitly disable CCM. I think this sums it up okay: https://crypto.stackexchange.com/questions/6842/how-to-choose-between-aes-ccm-and-aes-gcm-for-storage-volume-encryption -Michael > On 11 Feb 2019, at 08:52, ummeegge wrote: > > Hi all, > > On Fr, 2019-01-18 at 18:06 +0100, Peter Müller wrote: >> Hello, >> >> just for the records some explanations on this patch: >> (a) Chacha/Poly is faster on devices without built-in AES >> acceleration. >> Since it provides the same strength as AES, I usually prefer it >> except >> for _very_ high bandwidth requirements. >> (b) At the moment, there seems to be little support of AESCCM, so I >> disabled it for now in order to keep our ciphersuite zoo smaller. :-) >> If there is any need to enable it, I will update the patch >> accordingly. > it seems that unbound uses AES-CCM. With version 1.9.0 which Matthias > has already pushed, some new directives for DoT has been introduced. > Please take a look to unbound example configurations --> > https://github.com/NLnetLabs/unbound/blob/master/doc/example.conf.in > under "cipher setting for TLSv1.3" . > > So it might be an idea to enable AESCCM !? > > >> >> I am happy this made its way into IPFire. :-) >> >> Updated add-on versions for Postfix and Tor will come soon, at the >> moment, I am somewhat busy with libloc, Suricata and the ORANGE >> default >> firewall behaviour. >> >> Thanks, and best regards, >> Peter Müller >> >>> >>> Even i use the old patch i am a happy tester with 64 bit since one >>> month + :-). >>> >>> The difference between old and new patch (from Peter) are not that >>> vast >>> and they looks like this: >>> >>> --- OpenSSL-1.1.1a_old_patch 2019-01-13 18:15:33.316651666 >>> +0100 >>> +++ OpenSSL-1.1.1a-new_patch 2019-01-13 18:16:22.008650232 >>> +0100 >>> @@ -1,31 +1,23 @@ >>> -TLS_AES_256_GCM_SHA384 TLSv1.3 >>> Kx=any Au=any Enc=AESGCM(256) Mac=AEAD >>> TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 >>> Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD >>> +TLS_AES_256_GCM_SHA384 TLSv1.3 >>> Kx=any Au=any Enc=AESGCM(256) Mac=AEAD >>> TLS_AES_128_GCM_SHA256 TLSv1.3 >>> Kx=any Au=any Enc=AESGCM(128) Mac=AEAD >>> -ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AESGCM(256) Mac=AEAD >>> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=CHACHA20/POLY1305(256) Mac=AEAD >>> -ECDHE-ECDSA-AES256-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AESCCM8(256) Mac=AEAD >>> -ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AESCCM(256) Mac=AEAD >>> +ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AESGCM(256) Mac=AEAD >>> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AESGCM(128) Mac=AEAD >>> -ECDHE-ECDSA-AES128-CCM8 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AESCCM8(128) Mac=AEAD >>> -ECDHE-ECDSA-AES128-CCM TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AESCCM(128) Mac=AEAD >>> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AES(256) Mac=SHA384 >>> ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=Camellia(256) Mac=SHA384 >>> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=AES(128) Mac=SHA256 >>> ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA >>> Enc=Camellia(128) Mac=SHA256 >>> -ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD >>> ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD >>> +ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD >>> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD >>> ECDHE-RSA-AES256-SHA384 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 >>> ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=Camellia(256) Mac=SHA384 >>> ECDHE-RSA-AES128-SHA256 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 >>> ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 >>> Kx=ECDH Au=RSA Enc=Camellia(128) Mac=SHA256 >>> -DHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD >>> DHE-RSA-CHACHA20-POLY1305 TLSv1.2 >>> Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD >>> -DHE-RSA-AES256-CCM8 TLSv1.2 >>> Kx=DH Au=RSA Enc=AESCCM8(256) Mac=AEAD >>> -DHE-RSA-AES256-CCM TLSv1.2 >>> Kx=DH Au=RSA Enc=AESCCM(256) Mac=AEAD >>> +DHE-RSA-AES256-GCM-SHA384 TLSv1.2 >>> Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD >>> DHE-RSA-AES128-GCM-SHA256 TLSv1.2 >>> Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD >>> -DHE-RSA-AES128-CCM8 TLSv1.2 >>> Kx=DH Au=RSA Enc=AESCCM8(128) Mac=AEAD >>> -DHE-RSA-AES128-CCM TLSv1.2 >>> Kx=DH Au=RSA Enc=AESCCM(128) Mac=AEAD >>> DHE-RSA-AES256-SHA256 TLSv1.2 >>> Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 >>> DHE-RSA-CAMELLIA256-SHA256 TLSv1.2 >>> Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA256 >>> DHE-RSA-AES128-SHA256 TLSv1.2 >>> Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 >>> @@ -37,14 +29,9 @@ >>> DHE-RSA-AES256-SHA SSLv3 >>> Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 >>> DHE-RSA-CAMELLIA256-SHA SSLv3 >>> Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 >>> DHE-RSA-AES128-SHA SSLv3 >>> Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 >>> -DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) >>> Mac=SHA1 >>> DHE-RSA-CAMELLIA128-SHA SSLv3 >>> Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1 >>> AES256-GCM-SHA384 TLSv1.2 >>> Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD >>> -AES256-CCM8 TLSv1.2 >>> Kx=RSA Au=RSA Enc=AESCCM8(256) Mac=AEAD >>> -AES256-CCM TLSv1.2 >>> Kx=RSA Au=RSA Enc=AESCCM(256) Mac=AEAD >>> AES128-GCM-SHA256 TLSv1.2 >>> Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD >>> -AES128-CCM8 TLSv1.2 >>> Kx=RSA Au=RSA Enc=AESCCM8(128) Mac=AEAD >>> -AES128-CCM TLSv1.2 >>> Kx=RSA Au=RSA Enc=AESCCM(128) Mac=AEAD >>> AES256-SHA256 TLSv1.2 >>> Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 >>> CAMELLIA256-SHA256 TLSv1.2 >>> Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA256 >>> AES128-SHA256 TLSv1.2 >>> Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 >>> >>> So mostly changes are causing by the disabled AES-CCM. >>> > > Best, > > Erik >