OpenSSL PBKDF2 Default Iterations

I’m digging into OpenSSL for quite a while to find a decent encryption method to double the security of some critical GnuPG already encrypted files. The one I came up with that seemed to satisfy my confidentiality requirements is as follows: aes () { openssl enc -aes-256-cbc -in $1 -out ${1}.aes -a -pbkdf2 } Now, a friend of mine, whose crypto is a field of expertise, told me that the CBC mode was unsecure because of possible attacks, and that I should use GCM.