CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Vincent Blondel
May 03, 2020 01:06PM
Hello,

Trying to get CHACHA20-POLY1305 Server Preference ... Working with tlsv1.2
but NOK with tlsv1.3

** Tried with a Custom OpenSSL.conf ServerPreference,PrioritizeChaCha

OPENSSL_CONF=$HOME/conf/openssl.conf $HOME/bin/nginx.exe

[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
Options = ServerPreference,PrioritizeChaCha

** Tried by patching src/event/ngx_event_openssl.c

- SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE |
SSL_OP_PRIORITIZE_CHACHA);
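
Review bot: SSL_OP_PRIORITIZE_CHACHA on the added line is used unconditionally, but the macro exists only in OpenSSL 1.1.1 and later, so this fails to compile against older OpenSSL and against SSL libraries that do not define it. Wrap the extra flag in #ifdef SSL_OP_PRIORITIZE_CHACHA and keep the original SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) call as the fallback. A comment is also worth adding: the option only moves ChaCha20-Poly1305 to the front of the server list when the client lists a ChaCha20-Poly1305 cipher first, so it does not give a fixed server-side ordering.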

** Tried by patching src/event/ngx_event_openssl.c

nginx -s reload
nginx: [emerg] SSL_CTX_set_cipher_list("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)

ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.3;
ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256;

My config is working like a charm with TLSv1.2, but I cannot get CHACHA20
prioritized with TLSv1.3 ... hence my question: how to do this with nginx
version: nginx/1.18.0?

tx, V.
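
A check for the failure in the post, as an added example (not code from the post or from nginx): the error output shows nginx handing the ssl_ciphers value to SSL_CTX_set_cipher_list(), and OpenSSL 1.1.1 keeps TLS 1.3 ciphersuites out of that cipher-list string (they are set through SSL_CTX_set_ciphersuites() or the Ciphersuites configuration command). The function name, result fields and sample configuration are constructed for illustration.

```python
import re

# The five TLS 1.3 ciphersuite names defined by RFC 8446.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}

# An ssl_ciphers directive; the value may wrap onto following lines until ';'.
DIRECTIVE = re.compile(r"^[ \t]*(ssl_ciphers)\s+([^;]+);", re.MULTILINE)

# Constructed sample: the directive from the post plus a mixed cipher string.
SAMPLE_CONF = """\
server {
    ssl_protocols TLSv1.3;
    ssl_ciphers
    TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256;
}
server {
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256;
}
"""


def lint_ssl_ciphers(nginx_conf):
    """Return one finding per ssl_ciphers directive that names TLS 1.3 suites."""
    findings = []
    for match in DIRECTIVE.finditer(nginx_conf):
        value = match.group(2).strip("\"' \t\n")
        tokens = [t for t in re.split(r"[:,\s]+", value) if t]
        tls13 = [t for t in tokens if t in TLS13_SUITES]
        if not tls13:
            continue
        findings.append({
            "line": nginx_conf.count("\n", 0, match.start(1)) + 1,
            "tls13_names": tls13,                      # belong in Ciphersuites
            "other": [t for t in tokens if t not in TLS13_SUITES],
            # Only TLS 1.3 names: the cipher-list parser matches nothing,
            # which is the "no cipher match" [emerg] shown in the post.
            "reload_fails": len(tls13) == len(tokens),
        })
    return findings


if __name__ == "__main__":
    for finding in lint_ssl_ciphers(SAMPLE_CONF):
        print(finding)
```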