---
title: "Rails 5.2 uses AES-256-GCM authenticated encryption"
description:
  "Rails 5.2 uses AES-256-GCM authenticated encryption as default cipher for
  encrypting messages"
canonical_url: "https://www.bigbinary.com/blog/rails-5-2-uses-aes-256-gcm-authenticated-encryption-as-default-cipher-for-encrypting-messages"
markdown_url: "https://www.bigbinary.com/blog/rails-5-2-uses-aes-256-gcm-authenticated-encryption-as-default-cipher-for-encrypting-messages.md"
---

# Rails 5.2 uses AES-256-GCM authenticated encryption

Rails 5.2 uses AES-256-GCM authenticated encryption as the default cipher for
encrypting messages.

- Author: Sushant Mittal
- Published: June 26, 2018
- Categories: Rails 5.2, Rails

Before Rails 5.2, `AES-256-CBC` was the default cipher for encrypting messages,
with authentication supplied by a separate HMAC signature.

It was proposed to use `AES-256-GCM` authenticated encryption as the default
cipher for encrypting messages for the following reasons:

- It produces shorter ciphertexts and encrypts and decrypts faster.
- It is less error prone and more secure.

So, `AES-256-GCM` became the
[default cipher](https://github.com/rails/rails/pull/29263) for encrypting
messages in Rails 5.2.
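
The two reasons listed above can be observed with Ruby's standard OpenSSL bindings. This is an added example, not code from Rails or from the original post; the random keys, the `user_id=42` payload, the helper names and the use of HMAC-SHA256 for the CBC variant are assumptions made for illustration.

```ruby
require "openssl"

# Constructed sample input: random keys and a short payload.
ENC_KEY = OpenSSL::Random.random_bytes(32)
MAC_KEY = OpenSSL::Random.random_bytes(32)
MESSAGE = "user_id=42"

# AES-256-GCM: one primitive both encrypts and authenticates.
def gcm_encrypt(plaintext, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv # 12-byte nonce; must never repeat under the same key
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  { iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag } # 16-byte tag
end

def gcm_decrypt(msg, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = msg[:iv]
  cipher.auth_tag = msg[:tag]
  cipher.auth_data = ""
  cipher.update(msg[:ciphertext]) + cipher.final # raises CipherError if modified
end

# AES-256-CBC: confidentiality only, so a separate HMAC has to be added on top.
def cbc_hmac_encrypt(plaintext, enc_key, mac_key)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = enc_key
  iv = cipher.random_iv # 16 bytes
  ciphertext = cipher.update(plaintext) + cipher.final # padded to 16-byte blocks
  { iv: iv, ciphertext: ciphertext,
    mac: OpenSSL::HMAC.digest("SHA256", mac_key, iv + ciphertext) }
end

# Total bytes that have to be stored or sent for one message.
def wire_size(msg)
  msg.values.sum(&:bytesize)
end

# Flips one ciphertext bit and reports whether GCM decryption rejects the message.
def gcm_rejects_tampering?(msg, key)
  altered = msg[:ciphertext].dup
  altered.setbyte(0, altered.getbyte(0) ^ 1)
  gcm_decrypt(msg.merge(ciphertext: altered), key)
  false
rescue OpenSSL::Cipher::CipherError
  true
end
```

For this payload the GCM message takes 38 bytes (12-byte nonce, 10-byte ciphertext, 16-byte tag) against 64 bytes for CBC with HMAC-SHA256, and the integrity check happens inside `cipher.final` rather than in a separate step a caller could forget.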

If we do not want `AES-256-GCM` as the default cipher for encrypting messages in
our Rails application, then we can disable it.

```ruby
Rails.application.config.active_support.use_authenticated_message_encryption = false
```

The default encryption for cookies and sessions was also updated to use
`AES-256-GCM` [in this pull request](https://github.com/rails/rails/pull/28132).

If we do not want `AES-256-GCM` as the default encryption for cookies and
sessions, then we can disable it too.

```ruby
# Cookie encryption is an Action Dispatch setting, not an Active Support one.
Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = false
```

