CHACHA20 not listed

Question

CHACHA20 not listed

agniveshadhikari opened this issue 3 years ago · 3 comments

First I tried just running the cipherscan script on it's own ( I copied just this file from this repo, and ran it).

$ ./cs redacted
...../cs: line 1589: ./cscan.sh: No such file or directory

Target: redacted

prio  ciphersuite                  protocols  pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  npn          pfs
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    2048         sha384WithRSAEncryption  True     None         False        h2,http/1.1  X25519,253bits  None
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    2048         sha384WithRSAEncryption  True     None         False        h2,http/1.1  X25519,253bits  None
3     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2    2048         sha384WithRSAEncryption  True     None         False        h2,http/1.1  X25519,253bits  None

OCSP stapling: not supported
Cipher ordering: server
Curves ordering: unknown - fallback: no
Renegotiation test error
Supported compression methods test error

TLS Tolerance: no
Fallbacks required:
big-SSLv3 config not supported, connection failed
big-TLSv1.0 config not supported, connection failed
big-TLSv1.1 config not supported, connection failed
big-TLSv1.2 config not supported, connection failed
small-SSLv3 config not supported, connection failed
small-TLSv1.0 config not supported, connection failed
small-TLSv1.1 config not supported, connection failed
small-TLSv1.2 config not supported, connection failed
v2-big-TLSv1.2 config not supported, connection failed
v2-small-SSLv3 config not supported, connection failed
v2-small-TLSv1.0 config not supported, connection failed
v2-small-TLSv1.1 config not supported, connection failed
v2-small-TLSv1.2 config not supported, connection failed

Then I cloned the whole repo and ran the same command.

$ ./cipherscan redacted
............
Target: redacted
prio  ciphersuite                  protocols  pfs                 curves
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,secp384r1
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,secp384r1

Certificate: trusted, 2048 bits, sha384WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: h2,http/1.1
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : PRESENT
 TLS 1.1             : PRESENT
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

As you can see, CHACHA disappeared from the list. I know CHACHA does work with this server. (Tested with openssl s_client)

Answer 1 · 2023-11-24T14:44:08.000Z

Maybe it's because this project seems abandoned...

Answer 2 · 2023-11-24T18:38:32.000Z

not abandoned, but definitely not actively developed; the listed ciphers depend on the used openssl version. if it doesn't support Chacha20, then the test won't list chacha20 as available

Answer 3 · 2024-02-20T21:38:48.000Z

@agniveshadhikari The difference may be related to #179 — using your OpenSSL version vs. the bundled one?