
SSL CHACHACIPHERS as default ssl_ciphers

Discussion in 'Centmin Mod Insights' started by bassie, Aug 7, 2016.

  1. bassie

    bassie Active Member

    Centminmod Nginx uses the CHACHA20-POLY1305 for desktop and mobile devices as default ssl_cipher. Why?

    AES-supported hardware has been available since 2008.
     
  2. eva2000

    eva2000 Administrator Staff Member

    I don't have specific control over it, purely because LibreSSL is the default for Nginx and LibreSSL doesn't have a mechanism to do what Cloudflare's OpenSSL patch for chacha20 does, and that is only serve chacha20 to mobile devices and not desktop. If you want chacha20 only over mobile and not desktop, just switch Nginx from LibreSSL defaults to OpenSSL via the persistent config file /etc/centminmod/custom_config.inc and set
    Code (Text):
    LIBRESSL_SWITCH='n'
    

    then run centmin.sh menu option 4 to recompile Nginx with OpenSSL 1.0.2h+ support and it will auto patch OpenSSL with Cloudflare chacha20 patch :)

    FYI, chacha20 mobile only is a feature of Cloudflare's chacha20 patch which Centmin Mod Nginx integrates and IIRC Cloudflare patch only is for 64bit systems. Standard OpenSSL 1.0.x doesn't even support chacha20 :)
     