
SSL CHACHACIPHERS as default ssl_ciphers

Discussion in 'Centmin Mod Insights' started by buik, Aug 7, 2016.

  1. buik

    buik “The best traveler is one without a camera.”

    Apr 29, 2016
    Centminmod Nginx uses CHACHA20-POLY1305 for desktop and mobile devices as the default ssl_cipher. Why?

    AES-supporting hardware has been available since 2008.
  2. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Nginx 1.25.x
    MariaDB 10.x
    I don't have specific control over it purely because LibreSSL is the default for Nginx and LibreSSL doesn't have a mechanism to do what Cloudflare's OpenSSL patch for chacha20 does, and that is to only serve chacha20 to mobile devices and not desktop. If you want chacha20 only over mobile and not desktop, just switch Nginx from LibreSSL defaults to OpenSSL via persistent config file /etc/centminmod/ and set
    Code (Text):

    then run menu option 4 to recompile Nginx with OpenSSL 1.0.2h+ support and it will auto patch OpenSSL with Cloudflare chacha20 patch :)

    FYI, chacha20 mobile only is a feature of Cloudflare's chacha20 patch which Centmin Mod Nginx integrates, and IIRC the Cloudflare patch is only for 64-bit systems. Standard OpenSSL 1.0.x doesn't even support chacha20 :)
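
Added example, not part of the thread and not Centmin Mod, Nginx or Cloudflare code: a small model of server-side cipher selection showing why a strict server-preference list with ChaCha20 first serves it to every client, while an equal-preference group lets the client's own ordering decide. It assumes the Cloudflare patch works through equal-preference groups written as `[A|B]`, which the thread does not state; the client cipher lists are constructed samples.

```python
# Model of TLS server-side cipher selection (illustration only).
# Assumption: equal-preference groups use the "[A|B]" syntax; the thread does not show it.

CHACHA = "ECDHE-RSA-CHACHA20-POLY1305"
AES128 = "ECDHE-RSA-AES128-GCM-SHA256"
AES256 = "ECDHE-RSA-AES256-GCM-SHA384"

# Constructed server cipher strings.
STRICT = f"{CHACHA}:{AES128}:{AES256}"      # plain ordered list, ChaCha20 first
GROUPED = f"[{CHACHA}|{AES128}]:{AES256}"   # ChaCha20 and AES128 share one rank

# Constructed client preference orders.
DESKTOP = [AES128, AES256, CHACHA]   # client with AES hardware lists AES-GCM first
MOBILE = [CHACHA, AES128, AES256]    # client without AES hardware lists ChaCha20 first


def parse_groups(spec):
    """Split 'A:[B|C]:D' into ordered groups; bracketed ciphers rank equally."""
    groups = []
    for item in (part.strip() for part in spec.split(":")):
        if not item:
            continue
        if item.startswith("[") and item.endswith("]"):
            groups.append(item[1:-1].split("|"))
        elif any(ch in item for ch in "[]|"):
            raise ValueError(f"malformed group: {item!r}")
        else:
            groups.append([item])
    return groups


def select_cipher(server_spec, client_prefs):
    """Server-preference selection: the first server group sharing a cipher
    with the client wins; inside that group the client's order decides."""
    for group in parse_groups(server_spec):
        shared = [c for c in client_prefs if c in group]
        if shared:
            return shared[0]
    return None  # no common cipher: the handshake would fail


if __name__ == "__main__":
    for label, spec in (("strict", STRICT), ("grouped", GROUPED)):
        for name, prefs in (("desktop", DESKTOP), ("mobile", MOBILE)):
            print(f"{label:8} {name:8} -> {select_cipher(spec, prefs)}")
```
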