As I mentioned above, I don't worry about old clients. Because they are all my friends, they should change their browsers for their better privacy. Actually, I will setup seafile web interface for my friends so I will select the most secured cipher. For now, I don't see any browser support AES_256_GCM.I can force my friends to use browsers with TLS support.
The difficulty for encrypting and decrypting a 256-bit block is the same as a 128-bit block. Considering properly-implemented TLS uses a ratchet to change the session key after each N records sent, a 128-bit block cipher is actually more secure for two reasons:Difference on 128 bit vs 256 bit: 256 bit is more "secure" - harder to calculate.
FUCKING PAYPAL.Going to FS only ciphers only will mean that legacy API clients (think curl / old wget with outdated certs) will all be unable to connect to you -- as @GIANT_CRAB found out today.
Use a mixture of older, and newer -- with preference on newer. And yes, GCM is preferred.
Not another Wikileaks site. But if I can set up a better mode, why don't I do it? At least I can learn something from your all advices :lol: Thank you all.I'm curious as to what your website hosts. Is it the next Wikileaks with information on friends and family? Is it the secret recipe to gran's beef brisket?