
I am wondering if the order in which the cipher suites appear (from top to bottom) in the ClientHello message, and the client preference are relevant. So for example in the picture I have attached, is TLS_RSA_WITH_RC4_128_MD5 the most preferred suite because it is at the top?

Thank you in advance

[Attached image: Cipher Suites]

Irene Ant

1 Answer


The order in the ClientHello shows what the client prefers, i.e. the preferred ciphers are on top. The server is still free to ignore this order and pick what it thinks is best. Often there is a related setting in the TLS configuration of the server, like SSLHonorCipherOrder for Apache or ssl_prefer_server_ciphers for nginx. Cloudflare at least makes use of the client's preference to optimize the connection. From Do the ChaCha: better mobile performance with cryptography:

CloudFlare is able to intelligently choose whether to choose AES or ChaCha/Poly for different clients based on the client’s advertised cipher preference. For recent Intel processors, we use the standard AES-GCM algorithm. For browsers on machines that do not have a hardware AES chip, we prefer the ChaCha20-Poly1305.

Also RFC 5246 (TLS 1.2) says in section 7.4.1.2 ClientHello:

cipher_suites
  This is a list of the cryptographic options supported by the
  client, with the client's first preference first. ...
Steffen Ullrich
  • Thanks a lot! Do you know if there is any bibliography that confirms that the order of suites in the ClientHello message is according to what the client prefers? I need to be able to prove that this is the case indeed :/ – Irene Ant Apr 26 '16 at 17:51
  • @IreneAnt: see edit. – Steffen Ullrich Apr 26 '16 at 17:56
  • `exim` also seems to choose between `AES-GCM` & `ChaCha20-Poly1305` in `kvm` depending on if hardware acceleration is available – Stuart Cardall May 16 '17 at 04:20
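To make the answer's two points concrete (the cipher_suites field is carried in wire order, first preference first, and the server may or may not honor it), here is an added example that is not part of the original question or answer. It builds a constructed TLS 1.2 ClientHello record, parses the cipher_suites list back out in order, and shows how a server's choice differs depending on whether a setting like SSLHonorCipherOrder / ssl_prefer_server_ciphers is on; the suite list, server list and helper names are assumptions for illustration.

```python
import struct

# A few cipher suite code points from the IANA TLS registry, for readable output.
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def build_client_hello(suites, random_bytes=b"\x11" * 32):
    """Constructed (not captured) TLS 1.2 ClientHello record carrying `suites` in that order."""
    body = b"\x03\x03" + random_bytes + b"\x00"          # client_version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))           # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def parse_client_hello_suites(record):
    """Return the cipher_suites list exactly in wire order (client's first preference first)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                  # record header, handshake header, version, random
    pos += 1 + record[pos]                # skip session_id (length-prefixed)
    n = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack("!H", record[pos + i:pos + i + 2])[0] for i in range(0, n, 2)]

def select_suite(client_suites, server_suites, honor_server_order):
    """Pick the first common suite, walking whichever side's preference list wins."""
    if honor_server_order:                # SSLHonorCipherOrder on / ssl_prefer_server_ciphers on
        first, second = server_suites, client_suites
    else:                                 # server defers to the client's ClientHello order
        first, second = client_suites, server_suites
    common = set(second)
    for s in first:
        if s in common:
            return s
    return None                           # no overlap: the server would send handshake_failure

if __name__ == "__main__":
    client = [0x0004, 0x002F, 0xCCA8, 0xC02F]   # RC4 on top, like the capture in the question
    server = [0xC02F, 0xCCA8, 0x009C]           # assumed server-side preference list
    rec = build_client_hello(client)
    print("client order:", [SUITE_NAMES[s] for s in parse_client_hello_suites(rec)])
    print("server wins: ", SUITE_NAMES[select_suite(client, server, True)])
    print("client wins: ", SUITE_NAMES[select_suite(client, server, False)])
```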