
OpenSSL PBKDF2 Default Iterations

I’ve been digging into OpenSSL for quite a while to find a decent encryption method to double the security of some critical files that are already encrypted with GnuPG.
The one I came up with that seemed to satisfy my confidentiality requirements is as follows:

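aes () {
  # Encrypt file $1 to $1.aes: AES-256-CBC, base64 output (-a), key derived from the passphrase with PBKDF2
  openssl enc -aes-256-cbc -in "$1" -out "${1}.aes" -a -pbkdf2
}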

Now, a friend of mine, for whom crypto is a field of expertise, told me that CBC mode was insecure because of possible attacks, and that I should use GCM.
While searching on the subject, I also read this interesting thread, which also raised the CBC vs GCM question, finally stating that the latter is not a silver bullet and that CBC used with HMAC would be a reasonable choice. That suits me well, as I actually use the -pbkdf2 parameter, which seems to do just that.
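
What "CBC used with HMAC" looks like around the function above, as an added example that is not part of the original post: `-pbkdf2` selects how `openssl enc` derives the key from the passphrase and does not add an authentication tag to the output, so the tag is computed separately over the ciphertext file and checked before decryption. The function names, the `.mac` sidecar file and the `ENC_PASS` / `MAC_KEY` variables are assumptions of this example.

```shell
# Added example (hypothetical names): encrypt-then-MAC around `openssl enc`.
# Assumes two independent secrets set by the caller:
#   ENC_PASS  exported, read by openssl through -pass env:ENC_PASS
#   MAC_KEY   shell variable used as the HMAC-SHA256 key
# Caveat: `-hmac KEY` puts the key on the command line, where other local
# users can see it in the process list while openssl runs.

# Print the hex HMAC-SHA256 of file $1 (prints nothing on failure).
hmac_file() {
  : "${MAC_KEY:?MAC_KEY must be set}"
  # -r gives "<hex> *<file>"; keep only the hex field.
  openssl dgst -sha256 -hmac "$MAC_KEY" -r "$1" | cut -d' ' -f1
}

# aes_seal FILE: write FILE.aes (same flags as the post) and FILE.aes.mac.
aes_seal() {
  openssl enc -aes-256-cbc -pbkdf2 -a -pass env:ENC_PASS \
    -in "$1" -out "$1.aes" || return 1
  tag=$(hmac_file "$1.aes") && [ -n "$tag" ] || return 1
  printf '%s\n' "$tag" > "$1.aes.mac"
}

# aes_open FILE.aes OUT: verify the tag first, decrypt only if it matches.
aes_open() {
  expected=$(cat "$1.mac") || return 1
  actual=$(hmac_file "$1")
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "MAC mismatch: refusing to decrypt $1" >&2
    return 2
  fi
  openssl enc -d -aes-256-cbc -pbkdf2 -a -pass env:ENC_PASS \
    -in "$1" -out "$2"
}
```

The tag covers the base64 file exactly as written, so any change to `FILE.aes` makes `aes_open` stop before `openssl enc -d` is run.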