It seems that aes256-cts-hmac-sha1-96 is more of an incantation than a convenient thing to type into config files or to accurately remember for end-users specifying enctypes. Do we want to consider aes256 and aes128 as short aliases for users to use?