Learn about Centmin Mod LEMP Stack today
Become a Member

OpenSSL [NEW PATCH]Use ChaCha20+Poly1305 only if it is prioritized by the client - OpenSSL 1.1

Discussion in 'CentOS, Redhat & Oracle Linux News' started by bassie, Dec 8, 2017.

  1. bassie

    bassie Well-Known Member

    1,025
    246
    63
    Apr 29, 2016
    Ratings:
    +726
    Local Time:
    7:46 PM
    OpenSSL 1.1.1dev has official support for ChaCha cipher priority, since a few days or so.

    With this ported patch. OpenSSL 1.1.0 will do the same.
    ChaCha20+Poly1305 will be used if it is the client's most preferred cipher and if its is used as ssl_ciphers in Nginx (position does not matter).

    OpenSSL 1.1.0G - Use ChaCha only if it is prioritized by the client - with fix.
    OpenSSL 1.1.0G - Use ChaCha only if it is prioritized by the client - vanilla.

    Nginx test ssl_ciphers: ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+CHACHA20:!MD5;

    Before:

    [​IMG]
    After:

    [​IMG]

    [​IMG]

    Upstream test suite plus documentation code does not form part of this patch.
    The test suite won't work anyway as OpenSSL is compiled with Nginx and not compiled c.q. installed as stand alone.
    Therefore the documentation and ChaCha cipher priority test suite is not included.

    Most Android devices are using Chacha draft (better known as Old_Chacha).
    Chacha draft was removed from the final OpenSSL 1.1 release.
    OpenSSL 1.1 only supports the final Chacha standard.

    Please note that Nginx does not support SSL_OP_PRIORITIZE_CHACHA yet but only SSL_OP_CIPHER_SERVER_PREFERENCE.

    Therefore as attachment a second patch with the original sourcecode plus fix to select ChaCha if the client has ChaCha first, and Nginx server cipher priority is used.

    I am not active in software development, this is pure mathematics and algorithmics.
    Thereby this contribution is purely out of interest.

    Nothing more or less than that I have had fun.
     
    Last edited: Dec 8, 2017
    • Informative Informative x 2
  2. eva2000

    eva2000 Administrator Staff Member

    37,258
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    4:46 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    thanks for sharing and providing the info/heads up. Will take some time for to digest as I haven't been online as much this past week heh
     
  3. bassie

    bassie Well-Known Member

    1,025
    246
    63
    Apr 29, 2016
    Ratings:
    +726
    Local Time:
    7:46 PM
    Please note that this patch can conflict with the ECDHX patch.
    Compiling ok, installing ok, however it does not preferred chacha according to SSL Server Test (Powered by Qualys SSL Labs).

    This is an upstream problem.

    OpenSSL 1.1g without ECDHX patch, with chacha patch is working fine.

    OpenSSL 1.1.1dev (28 December 2017) with the already processed code (Chacha + ECDHX) gives a problem.

    OpenSSL 1.1g with ECDHX patch, with chacha gives a problem.
     
    • Informative Informative x 1
  4. eva2000

    eva2000 Administrator Staff Member

    37,258
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    4:46 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
  5. bassie

    bassie Well-Known Member

    1,025
    246
    63
    Apr 29, 2016
    Ratings:
    +726
    Local Time:
    7:46 PM
    Nope only the fix.
    The vanilla edition is the patch as it is intended by OpenSSL.

    However as Nginx does not support SSL_OP_PRIORITIZE_CHACHA yet but only SSL_OP_CIPHER_SERVER_PREFERENCE, it will not work.

    I have changed the code in the fix patch.
    To only use SSL_OP_CIPHER_SERVER_PREFERENCE.

    If chacha is found in SSL_OP_CIPHER_SERVER_PREFERENCE in any position, also last on your Nginx config. It will by chosen if it is the client's preferred cipher.
     
    • Informative Informative x 1
  6. eva2000

    eva2000 Administrator Staff Member

    37,258
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    4:46 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Thanks for clarification, so this patch is the preferred one eventually over the cloudflare smart chacha20 and equal cipher preference patches ?
     
  7. bassie

    bassie Well-Known Member

    1,025
    246
    63
    Apr 29, 2016
    Ratings:
    +726
    Local Time:
    7:46 PM
    It is official code as it is Approved in the dev. tree since November.
    You can't use the Cloudflare smart chacha20 and BoringSSL equal cipher preference patch anymore. If they would release OpenSSL 1.1.1. as it is today. And you are gonna use OpenSSL 1.1.1. Unless you change the code.
     
    • Informative Informative x 1
  8. eva2000

    eva2000 Administrator Staff Member

    37,258
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    4:46 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    cheers.. just well tied the patches to only OpenSSL 1.1.0g heh
     
  9. bassie

    bassie Well-Known Member

    1,025
    246
    63
    Apr 29, 2016
    Ratings:
    +726
    Local Time:
    7:46 PM
    Sure. You can use whatever you want.
    It is more of an announcement for the future OpenSSL 1.1.1 release.
     
    • Like Like x 1
  10. bassie

    bassie Well-Known Member

    1,025
    246
    63
    Apr 29, 2016
    Ratings:
    +726
    Local Time:
    7:46 PM
    • Informative Informative x 2
..