Rails 5.2 uses AES-256-GCM authenticated encryption
June 26, 2018
This blog is part of our Rails 5.2 series.
Before Rails 5.2, AES-256-CBC authenticated encryption was the default cipher
for encrypting messages.
It was proposed to use AES-256-GCM authenticated encryption as the default
cipher for encrypting messages because of following reasons:
- It produces shorter ciphertexts and performs quick encryption and decryption.
- It is less error prone and more secure.
So, AES-256-GCM became
default cipher for encrypting
messages in Rails 5.2 .
If we do not want AES-256-GCM as default cipher for encrypting messages in our
rails application, then we can disable it.
Rails.application.config.active_support.use_authenticated_message_encryption = false
Default Encryption for cookies and sessions was also updated to use
AES-256-GCM in this pull request.
If we do not want AES-256-GCM as default encryption of cookies and sessions,
then we can disable it too.
Rails.application.config.active_support.use_authenticated_cookie_encryption = false
If this blog was helpful, check out our full blog archive.