14

When nowadays I point my browser to https sites, the cipher that is on most occasions used is Camellia. My browsers (Chrome and Firefox) seem to prefer it, even when AES is available.

Is that not kind of dangerous? Camellia did not receive so much scrutiny as did e.g. AES, so we know actually less about its security. Would it not be much better if AES was the default? I know I can change the cipher on Firefox, but it is not obvious how to do the same in Chrome.

MKK

1 Answer

18

The reason why you see that is because Camellia is the highest-preference cipher in NSS (Chrome and Firefox). Servers that support Camellia and use the client-preferred cipher suite will use Camellia.

NSS's rationale for this ordering is:

National ciphers such as Camellia are listed before international ciphers such as AES and RC4 to allow servers that prefer Camellia to be able to negotiate Camellia without having to disable AES and RC4, which are needed for interoperability with clients that don't yet implement Camellia.

See also: Bug 430875

Paŭlo Ebermann
Jumbogram
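
The negotiation described in the answer above, as an added example that is not part of the original post or NSS's code: it simulates how a server picks a suite when it follows the client's order versus its own. The suite names are real TLS identifiers, but the client and server lists and their ordering are constructed for illustration.

```python
"""Simulate TLS cipher-suite selection as the answer describes it."""

# Constructed client offer: Camellia ahead of AES and RC4, mirroring the
# ordering the answer attributes to NSS. Not NSS's actual list.
CLIENT_OFFER = [
    "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]


class NoSharedCipher(Exception):
    """Raised when client and server have no suite in common."""


def select_suite(client_offer, server_suites, honor_server_order):
    """Return the suite a server would pick for this ClientHello.

    client_offer       -- suites in the client's preference order
    server_suites      -- suites the server enables, in its own order
    honor_server_order -- False: first client suite the server supports
                          True:  first server suite the client offered
    """
    if honor_server_order:
        primary, other = server_suites, set(client_offer)
    else:
        primary, other = client_offer, set(server_suites)
    for suite in primary:
        if suite in other:
            return suite
    raise NoSharedCipher("handshake_failure: no common cipher suite")


def demo():
    """Return the outcome for three constructed server configurations."""
    both = ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
            "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
            "TLS_RSA_WITH_RC4_128_SHA"]
    aes_only = ["TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"]
    return {
        "client order, both enabled": select_suite(CLIENT_OFFER, both, False),
        "server order, both enabled": select_suite(CLIENT_OFFER, both, True),
        "client order, no Camellia": select_suite(CLIENT_OFFER, aes_only, False),
    }


if __name__ == "__main__":
    for case, suite in demo().items():
        print(f"{case:28} -> {suite}")
```

Only the first case yields Camellia: a server that enforces its own order, or does not enable Camellia at all, ends up on AES with the same client offer.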