Let's Encrypt is Trusted

The problem with preferring AES256 is that it's not as resistant to timing attacks as AES128, so in fact AES128 can be more secure.
See Security/Server Side TLS - MozillaWiki
This was already discussed in this community too BTW:
Cipher Suite Order - Apache - #13 by harder

Also here:

I authored the AES 128 vs 256 part 2 years ago and it doesn't seem like
the state of the art has changed since. While the performance difference
is probably not the highest concern, there has been some research that
suggests that attacks on AES256 are easier to achieve than on the 128
variant. The reasoning is that most attacks on AES do not directly target
the rounds or the key length, but focus more on side channels like
timing attacks. If AES 128 is more resistant to those than 256, then 128
should be preferred. This thread has more information: Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

by jvehent at Review all cryptographic algorithm and parameter defaults · Issue #555 · certbot/certbot · GitHub

2 Likes