| 1 | | I would note that aside from NIST SP 800-38D, another reason to add them is the European Union Agency for Network and Information Security 2013 Algorithms, Key Sizes and Parameters Report, published October 2013, which states: |
| 2 | | |
| 3 | | "This means at the time of writing we would only recommend the following cipher suites, for |
| 4 | | future use within TLS |
| 5 | | • _WITH_Camellia\index{Camellia}_128_GCM_SHA256, |
| 6 | | • _WITH_AES_128_GCM_SHA256, |
| 7 | | • _WITH_Camellia\index{Camellia}_256_GCM_SHA384, |
| 8 | | • _WITH_AES_256_GCM_SHA384, |
| 9 | | • _WITH_AES_128_CCM, |
| 10 | | • _WITH_AES_128_CCM_8, |
| 11 | | • _WITH_AES_256_CCM, |
| 12 | | • _WITH_AES_256_CCM_8. |
| 13 | | where is suffix denoting the underlying key exchange primitive." |
| 14 | | (\index{Camellia} typos from original document). |
| | 1 | I would note that aside from NIST SP 800-38D, another reason to add them is the European Union Agency for Network and Information Security 2013 Algorithms, Key Sizes and Parameters Report, published October 2013, which endorses GCM. |
