New ChaCha/Poly ciphers
drwetter opened this issue · 6 comments
Hi Peter,
there is a set of new chacha/poly ciphers like cca8, cca9, see
https://mta.openssl.org/pipermail/openssl-commits/2015-December/002380.html
Is that possible to have them integrated into this branch and renaming the old ones like https://www.ssllabs.com/ssltest/analyze.html?d=google.de&s=172.217.2.35 ?
Cheers, Dirk
Hi Dirk,
I'll look into it, whether it's feasible with 1.0.2 or that 'restarting' openssl from master (1.1.x) makes more sense at this point.
Thanks for the request.
Cheers,
Peter
@PeterMosmans : Have you looked into it? Other than moving away conflicts with the old CHACHA/POLY ciphers it "just" seems to me a few hours of work.
I would love to do this but atm I still have a queue of things I need to work on.
Hi @drwetter it's still on the TODO list, but, similar to you, there's quite a large queue. Let me know if you want to/have time for this issue. If not, I'll try to finish it as soon as a slot opens up 😉
Cheers,
Peter
For the record so that it is easier to find the info if somebody will start working on it, see
- https://github.com/cloudflare/sslconfig/tree/master/patches (@jvehent 's hint)
- see attached the RFC version from openssl 1.1x (first patch, newer ones are probably harder to apply)
chacha-poly.patch.txt
@PeterMosmans is there a patch at least I can reverse the old ciphers or is https://github.com/PeterMosmans/openssl/files/719816/chacha-poly.patch.txt all I need?
Hi @drwetter - I went through the logs, but unfortunately the ChaCha implementation is spread out across a number of commits. I don't have the exact commits handy. You might want to try filtering on committer (aka me ;) - , maybe that helps?