Before Rails 5.2, AES-256-CBC authenticated encryption was the default cipher for encrypting messages.
It was proposed to use AES-256-GCM authenticated encryption as the default cipher for encrypting messages because of following reasons:
- It produces shorter ciphertexts and performs quick encryption and decryption.
- It is less error prone and more secure.
So, AES-256-GCM became default cipher for encrypting messages in Rails 5.2 .
If we do not want AES-256-GCM as default cipher for encrypting messages in our rails application, then we can disable it.
1Rails.application.config.active_support.use_authenticated_message_encryption = false
Default Encryption for cookies and sessions was also updated to use AES-256-GCM in this pull request.
If we do not want AES-256-GCM as default encryption of cookies and sessions, then we can disable it too.
1Rails.application.config.active_support.use_authenticated_cookie_encryption = false