Which algorithm is stronger for TLS: AES-256 or Camellia-256?

1 Answers

It's hard to judge the strength of these algorithms. Camellia is considered roughly equivalent to AES in security (source). In any case, the difference probably won't matter. Either algorithm is secure enough to make your data channel no longer be the weakest link in your system, so you don't need to bother modifying any configuration.

Introduction: For my personal webserver I have setup apache with a self signed certificate to enable TLS security to learn and test. I have this line in virtualhost:

SSLProtocol -all -SSLv3 +TLSv1  

With firefox, I get Camellia-256 encrypted connection, and with opera I get TLS v1.0 256 bit AES (1024 bit DHE_RSA/SHA) with the same config in same server.

That leads me to question, which is stronger, AES, or Camellia?

I noticed that if I disable camellia with SSLCipherSuite TLSv1:+HIGH:!MEDIUM:!CAMELLIA then, firefox takes the same suite than opera.

In my config, I also try to disable all SSL versions to enable only TLS (advise needed if I didn't do so correctly), but the original question still stands: Which one should be stronger?