> This means I need to take the default CipherSuites and simply remove any that ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

saturncoleus on May 22, 2016 | parent | context | favorite | on: Achieving a Perfect SSL Labs Score with Go

> This means I need to take the default CipherSuites and simply remove any that use a cipher smaller than 256bit.

Arguably using a higher bit cipher suite should be considered worse, since it reduces accessibility. 128 bit crypto (specifically the GCM suites) are ridiculously faster, to the point where it is practically free to enable it for all websites. Treating 256bit crypto as better feels like it is missing a key point of security: availability.

xorcist on May 22, 2016 | [–]

It is not at all obvious which of AES-128 and AES-256 is more secure.

See for example this 2009 paper: https://www.schneier.com/blog/archives/2009/07/another_new_a...

bpineau on May 22, 2016 | [–]

Right, and they had to salvage HTTP/2 support (which mandates 128 bit AES) in the process.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact