
OpenSSL [NEW PATCH]Use ChaCha20+Poly1305 only if it is prioritized by the client - OpenSSL 1.1

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Dec 8, 2017.

  1. buik

    buik “The best traveler is one without a camera.”

    2,027
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,675
    Local Time:
    10:03 AM
    OpenSSL 1.1.1dev has had official support for ChaCha cipher priority for a few days or so.

    With this ported patch, OpenSSL 1.1.0 will do the same.
    ChaCha20+Poly1305 will be used if it is the client's most preferred cipher and if it is used as ssl_ciphers in Nginx (position does not matter).

    OpenSSL 1.1.0G - Use ChaCha only if it is prioritized by the client - with fix.
    OpenSSL 1.1.0G - Use ChaCha only if it is prioritized by the client - vanilla.


    Nginx test ssl_ciphers: ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+CHACHA20:!MD5;

    Before:

    [image: SSL Labs result before the patch]
    After:

    [image: SSL Labs result after the patch]

    [image: SSL Labs result after the patch]

    The upstream test suite plus documentation code does not form part of this patch.
    The test suite won't work anyway, as OpenSSL is compiled with Nginx and not compiled or installed as a standalone build.
    Therefore the documentation and the ChaCha cipher priority test suite are not included.

    Most Android devices are using Chacha draft (better known as Old_Chacha).
    Chacha draft was removed from the final OpenSSL 1.1 release.
    OpenSSL 1.1 only supports the final Chacha standard.

    Please note that Nginx does not support SSL_OP_PRIORITIZE_CHACHA yet but only SSL_OP_CIPHER_SERVER_PREFERENCE.

    Therefore, attached is a second patch with the original source code plus a fix to select ChaCha if the client has ChaCha first and Nginx server cipher priority is used.

    I am not active in software development; this is pure mathematics and algorithmics.
    Therefore this contribution is purely out of interest.

    Nothing more or less than that I have had fun.
     
    Last edited: Dec 8, 2017
  2. eva2000

    eva2000 Administrator Staff Member

    54,935
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,812
    Local Time:
    7:03 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    thanks for sharing and providing the info/heads up. Will take some time for to digest as I haven't been online as much this past week heh
     
  3. buik

    Please note that this patch can conflict with the ECDHX patch.
    Compiling ok, installing ok, however it does not prefer chacha according to SSL Server Test (Powered by Qualys SSL Labs).

    This is an upstream problem.

    OpenSSL 1.1g without ECDHX patch, with chacha patch is working fine.

    OpenSSL 1.1.1dev (28 December 2017) with the already processed code (Chacha + ECDHX) gives a problem.

    OpenSSL 1.1g with ECDHX patch, with chacha gives a problem.
     
  4. eva2000

  5. buik

    Nope only the fix.
    The vanilla edition is the patch as it is intended by OpenSSL.

    However as Nginx does not support SSL_OP_PRIORITIZE_CHACHA yet but only SSL_OP_CIPHER_SERVER_PREFERENCE, it will not work.

    I have changed the code in the fix patch to only use SSL_OP_CIPHER_SERVER_PREFERENCE.

    If chacha is found in SSL_OP_CIPHER_SERVER_PREFERENCE in any position, even last in your Nginx config, it will be chosen if it is the client's preferred cipher.
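    As an added illustration of the selection rule described in the first post and in this reply (constructed example code, not OpenSSL's source and not either attached patch): with plain server preference the server walks its own ssl_ciphers order and takes the first suite the client offers, so a ChaCha20 suite listed last is never picked; with the ChaCha priority rule, the server's ChaCha20 suites are moved to the front only when the client's own first choice is ChaCha20. The cipher lists and the "mobile"/"desktop" clients below are made up for the demonstration, and `choose_cipher_fix_patch` is an assumption about the fix patch's behaviour taken from the thread's description, not from its diff.

```python
"""Toy model of TLS cipher-suite selection to show what the ChaCha priority
patch changes. Constructed example for the thread; not OpenSSL's or the
patch's own code. Cipher names follow OpenSSL naming, the lists are made up."""

from typing import Optional, Sequence

# Server list as nginx hands it to OpenSSL, expanded by hand from the thread's
# ssl_ciphers string (EECDH+AES128:...:EECDH+CHACHA20:!MD5), so ChaCha20 is last.
SERVER_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA256",
    "AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "AES256-GCM-SHA384",
    "ECDHE-RSA-DES-CBC3-SHA",
    "DES-CBC3-SHA",
    "ECDHE-RSA-CHACHA20-POLY1305",
]

# Constructed ClientHello cipher lists: a mobile client without AES hardware
# puts ChaCha20 first, a desktop client puts AES-GCM first.
MOBILE_CLIENT = [
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
]
DESKTOP_CLIENT = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "ECDHE-RSA-AES256-GCM-SHA384",
]


def is_chacha(cipher: str) -> bool:
    return "CHACHA20" in cipher


def choose_cipher(server: Sequence[str], client: Sequence[str],
                  server_preference: bool = True,
                  prioritize_chacha: bool = False) -> Optional[str]:
    """Pick the cipher the server would negotiate.

    server_preference  models SSL_OP_CIPHER_SERVER_PREFERENCE: walk the server
                       list and take the first suite the client also offers.
    prioritize_chacha  models SSL_OP_PRIORITIZE_CHACHA: when the client's first
                       choice is a ChaCha20 suite, the server's ChaCha20 suites
                       are moved to the front before the walk, so their
                       position in ssl_ciphers no longer matters.
    """
    if not client:
        return None
    if not server_preference:
        # Client order decides; a ChaCha-first client gets ChaCha anyway.
        return next((c for c in client if c in server), None)

    order = list(server)
    if prioritize_chacha and is_chacha(client[0]):
        order = ([c for c in order if is_chacha(c)]
                 + [c for c in order if not is_chacha(c)])
    return next((c for c in order if c in client), None)


def choose_cipher_fix_patch(server: Sequence[str],
                            client: Sequence[str]) -> Optional[str]:
    """The thread's 'fix' variant as described there: nginx only sets
    SSL_OP_CIPHER_SERVER_PREFERENCE, so the ChaCha override is applied whenever
    server preference is on, with no separate option. This is an assumption
    about the patch's behaviour taken from the thread text, not its source."""
    return choose_cipher(server, client, server_preference=True,
                         prioritize_chacha=True)


if __name__ == "__main__":
    for label, client in (("mobile, ChaCha first", MOBILE_CLIENT),
                          ("desktop, AES first", DESKTOP_CLIENT)):
        print(f"{label}:")
        print("  vanilla server preference :", choose_cipher(SERVER_CIPHERS, client))
        print("  + PRIORITIZE_CHACHA       :",
              choose_cipher(SERVER_CIPHERS, client, prioritize_chacha=True))
        print("  fix patch (nginx)         :", choose_cipher_fix_patch(SERVER_CIPHERS, client))
```

    Running it shows the before/after from the screenshots in miniature: the ChaCha-first client gets AES128-GCM under plain server preference and ChaCha20-Poly1305 once the priority rule is in effect, while the AES-first client gets AES128-GCM either way. Removing the ChaCha suite from the server list makes the rule a no-op, which is what "position does not matter, but it must be in ssl_ciphers" means.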
     
  6. eva2000

    Thanks for the clarification, so this patch is eventually the preferred one over the Cloudflare smart chacha20 and equal cipher preference patches?
     
  7. buik

    It is official code, as it has been approved in the dev tree since November.
    You can't use the Cloudflare smart chacha20 and BoringSSL equal cipher preference patches anymore if they release OpenSSL 1.1.1 as it is today and you are going to use OpenSSL 1.1.1, unless you change the code.
     
  8. eva2000

    cheers.. just well tied the patches to only OpenSSL 1.1.0g heh
     
  9. buik

    Sure. You can use whatever you want.
    It is more of an announcement for the future OpenSSL 1.1.1 release.
     
  10. buik
