
SSL CHACHACIPHERS as default ssl_ciphers

Discussion in 'Centmin Mod Insights' started by buik, Aug 7, 2016.

  1. buik

    buik “The best traveler is one without a camera.”

    Centminmod Nginx uses CHACHA20-POLY1305 for desktop and mobile devices as the default ssl_cipher. Why?

    Hardware with AES support has been available since 2008.

     
  2. eva2000

    eva2000 Administrator Staff Member

    I don't have specific control over it purely because LibreSSL is the default for Nginx and LibreSSL doesn't have a mechanism to do what Cloudflare's OpenSSL patch for chacha20 does, and that is to only serve chacha20 to mobile devices and not desktop. If you want chacha20 only over mobile and not desktop, just switch Nginx from LibreSSL defaults to OpenSSL via the persistent config file /etc/centminmod/custom_config.inc and set
    Code (Text):
    LIBRESSL_SWITCH='n'
    

    then run centmin.sh menu option 4 to recompile Nginx with OpenSSL 1.0.2h+ support and it will auto patch OpenSSL with Cloudflare chacha20 patch :)

    FYI, chacha20 mobile only is a feature of Cloudflare's chacha20 patch, which Centmin Mod Nginx integrates, and IIRC the Cloudflare patch is only for 64-bit systems. Standard OpenSSL 1.0.x doesn't even support chacha20 :)
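
A simplified model of the two selection behaviours discussed in this thread, added here as an example; it is not code from the thread, from Centmin Mod or from Cloudflare's patch. It assumes the mobile-only behaviour comes from equal-preference cipher groups (the server honours the client's order inside a group); the client offer lists and the `select_cipher` / `negotiate_all` helpers are constructed for illustration.

```python
# Added illustration: models server-side cipher selection only, not a TLS stack.
# Assumption: "chacha20 for mobile only" is achieved with equal-preference
# groups, where the client's own order breaks ties inside a server group.

CHACHA = "ECDHE-RSA-CHACHA20-POLY1305"
AESGCM = "ECDHE-RSA-AES128-GCM-SHA256"
AESCBC = "ECDHE-RSA-AES128-SHA"

# Constructed client offers, in each client's own preference order.
CLIENTS = {
    "desktop": [AESGCM, CHACHA, AESCBC],  # has AES hardware, lists AES-GCM first
    "mobile": [CHACHA, AESGCM, AESCBC],   # no AES hardware, lists ChaCha20 first
    "legacy": [AESCBC],                   # offers neither AEAD suite
}

# Strict server preference with ChaCha20 first: the behaviour asked about.
STRICT_CHACHA_FIRST = [[CHACHA], [AESGCM], [AESCBC]]
# ChaCha20 and AES-GCM equally preferred by the server, CBC as fallback.
GROUPED = [[CHACHA, AESGCM], [AESCBC]]


def select_cipher(server_groups, client_prefs):
    """Pick a cipher: server group order first, client order inside a group."""
    for group in server_groups:
        offered = [c for c in client_prefs if c in group]
        if offered:
            return offered[0]
    return None  # no cipher in common, handshake would fail


def negotiate_all(server_groups):
    """Return the cipher each constructed client would end up with."""
    return {name: select_cipher(server_groups, prefs)
            for name, prefs in CLIENTS.items()}


if __name__ == "__main__":
    for label, cfg in (("strict", STRICT_CHACHA_FIRST), ("grouped", GROUPED)):
        for client, cipher in negotiate_all(cfg).items():
            print(f"{label:8} {client:8} -> {cipher}")
```

With the strict list every client that offers ChaCha20 gets it, including desktops with AES hardware; with the grouped list only the client that prefers ChaCha20 does.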