Re: LibReSSL CHACHA20/POLY1305

From: Jérémie Courrèges-Anglas (jcawxcvbn.org)
Date: Fri Nov 14 2014 - 06:28:37 CST


Renaud Allard <renaudallard.it> writes:

> On 11/14/2014 10:12 AM, Jonathan Gray wrote:
>>>
>>> Now openssl ciphers CHACHA20 works as intended
>>> # openssl ciphers CHACHA20
>>> ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305
>>
>> This is already present in rev 1.68/-current
>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68&r1=1.67&f=u
>>
>>
> So now, I have set in nginx.conf this
> ssl_ciphers !aNULL:AES256:AES128:CHACHA20:STRENGTH;
>
> But using sslscan, I still get:
> Failed TLSv1 256 bits ECDHE-ECDSA-CHACHA20-POLY1305

I guess it means that you didn't feed nginx with an ecdsa cert.

> Is that somewhere else?

--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE