AES_256_GCM for TLS.

Historically, TLS used AES ciphers based on a flawed CBC-mode-based construction. These ciphers are fragile and very difficult to implement securely. TLS 1.2 added better ciphers based on AES-GCM. We current support AES_128_GCM, but many servers order by key size above all else, placing the legacy AES_256_CBC above our preferred AES_128_GCM. To simplify server configuration and negotiate modern ciphers with more existing servers, we'll be adding AES_256_GCM as well.

Specification

Established standard

Status in Chromium

Blink components: Blink

Enabled by default (launch bug) in:

• Chrome for desktop release 51
• Chrome for Android release 51
• Opera release 38
• Opera for Android release 38

Consensus & Standardization

• Firefox: No public signals
• Edge: Shipped
• Safari: Shipped
• Web Developers: No signals

Owner

• davidben@chromium.org

Last updated on 2017-06-14