Learn about Centmin Mod LEMP Stack today
Become a Member

OpenSSL [PATCH] Use ChaCha20+Poly1305 if it's the client's most preferred cipher - OpenSSL 1.1

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Sep 6, 2016.

  1. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    [PATCH]Use OpenSSL 1.1 ChaCha20+Poly1305 if it is the client's most preferred cipher suite.

    Cloudflare's OpenSSL 1.0.2; implementation of CHACHA20-POLY1305 is relatively known.
    Perhaps the smallest yet one of the most useful code of their work is:
    With this ported patch OpenSSL 1.1 will do the same.
    ChaCha20+Poly1305 will be used if it is the client's most preferred cipher.

     
    Last edited: Sep 6, 2016
  2. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Excellent, that's one thing missing from OpenSSL 1.1.0 usage compared to OpenSSL 1.0.2 - Cloudflare's awesome patches :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    testing on Centmin Mod 123.09beta01

    with nginx 1.11.3 + LibreSSL 2.4.2

    upload_2016-9-6_4-37-18.png

    with nginx 1.11.3 + OpenSSL 1.1.0 with nginx patches + cloudflare chacha20 client preference patch

    upload_2016-9-6_4-38-7.png

    strangely Firefox 47 and Chrome 51 preferred chacha20 while Android 4.4.2 and 5.0.0 preferred AES ciphers ? would of thought it would be other way round ?

    edit: ah i think i see the issue is that chacha20 ciphers need to be placed after AES ones in ssl_ciphers config line for nginx vhost for cloudflare's patch to really work i think. Nope that didn't help either

    with nginx 1.11.3 + OpenSSL 1.1.0 with nginx patches + cloudflare chacha20 client preference patch + chacha20 cipher placed after AES

    upload_2016-9-6_5-4-47.png
     
    Last edited: Sep 6, 2016
  4. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    This is default OpenSSL 1.1 behavior in combination with Ssllabs.com.
    Also without patch Ssllabs.com will prefer Chacha for both Firefox 47 and Chrome 51.
    If your system is using OpenSSL 1.1 with Cloudflare's cipher suite choice.

    Please note that the Android OS is using Chacha draft (better known as Old_Chacha).

    Cloudflare is using both Chacha draft and the Chacha internet standard.
    The original Cloudflare patch can switch between both, but as Chacha draft is removed from OpenSSL 1.1 a while ago. OpenSSL 1.1 can't do the same. So that switching code is removed from the patch (SSL_CHACHA20POLY1305_D).

    Furthermore:
    Ssllabs.com does test the Android operation as system of its own, just like Java but without notable browsers.
    For example: Android and Chrome or Firefox 47 / Android.

    But who's going to a website using a operating system? No one. only to test.

    You should test it with an Android Phone and Chrome.
    Chrome is being preloaded on every Android phone since a long time.

    Lastly. The only notable add on sslabs writes about the patch v.s. no patch is:
    Hopefully it's now clear. You could always reply for question.
     
    Last edited: Sep 6, 2016
  5. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    sweet thanks for the insight of openssl 1.1.0 and ssllab changes (y)
     
  6. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    Btw are you using Cloudflare's cipher suite choice?
    Without patch and with Cloudflare's preferred cipher my test site is using Chacha Firefox 47 / Win 7
    (same as your test result but then in reverse conditions).
    Because Cloudflare's first choice overall is Chacha due to the patch its behavior and the Nginx config.
    With patch and with Cloudflare's preferred:
    Chacha is not preferred on Firefox 47 / Win 7 as it should be.
     
    Last edited: Sep 6, 2016
  7. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    using these 2

    Original
    Code (Text):
    ssl_ciphers EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    


    edited to place chacha further down the list
    Code (Text):
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:EECDH+CHACHA20:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    
     
  8. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    From the Cloudflare github readme:

    In fact you should use Cloudflare's cipher suite choice and (backported) patch
     
  9. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ah i see my problem, my nginx add vhost routine hasn't been updated to account for openssl native chacha20 support i think !
    Code (Text):
      if [ -f "${DIR_TMP}/openssl-${OPENSSL_VERSION}/crypto/chacha20poly1305/chacha20.c" ]; then
          # check /svr-setup/openssl-1.0.2f/crypto/chacha20poly1305/chacha20.c exists
          OPEENSSL_CFPATCHED='y'
      fi
    
    if [[ "$(nginx -V 2>&1 | grep LibreSSL | head -n1)" ]] || [[ "$OPEENSSL_CFPATCHED" = [yY] ]]; then
      if [ -f "${DIR_TMP}/openssl-${OPENSSL_VERSION}/crypto/chacha20poly1305/chacha20.c" ]; then
        CHACHACIPHERS='EECDH+CHACHA20-draft:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:'
      else
        CHACHACIPHERS='EECDH+CHACHA20:'
      fi
    else
      CHACHACIPHERS=""
    fi

    openssl 1.1.0 has it at /svr-setup/openssl-1.1.0/crypto/poly1305/poly1305.c and /svr-setup/openssl-1.1.0/crypto/chacha/chacha_enc.c instead
     
  10. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    Its really simple. Cloudflare's default Nginx config puts Chacha as first and the server's top cipher suite choice.
    Afterwards the patch, which in fact is a hack, hacks into the transaction and only enables Chacha if its also the client's top preferred top cipher suite choice. Otherwise the Nginx config will be overruled with the client's preferred top cipher suite choice for example AES.
     
    Last edited: Sep 6, 2016
  11. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah i understand that, it's how it worked for me with openssl 1.0.2h + cloudflare chacha patch even with the above cipher preferences but doesn't with openssl 1.1.0
     
  12. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    With Android as OS working with OLD ChaCha on ssllabs I assume?
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah so yes understand that android would default to non-chacha if openssl 1.1.0 removed OLD chacha20 but what's confusing is chacha for firefox and chrome with openssl 1.1.0 and patch
     
  14. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    to compare

    with nginx 1.11.3 and openssl 1.0.2h with cloudflare chacha20 patch and cloudflare recommended ssl ciphers

    upload_2016-9-6_7-14-37.png

    with nginx 1.11.3 and openssl 1.0.2h with cloudflare chacha20 patch and Centmin Mod 123.09beta01 default ssl ciphers

    upload_2016-9-6_7-20-26.png
     
  15. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ah was user error as the chacha20 client preference patch didn't get applied as i had an incorrect test
    Code (Text):
    if [ ! -f "$CUR_DIR/patches/openssl/chacha20-smarter.patch" ]; then

    that tested if patch did not exist instead of being should exist LOL
     
  16. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    with Centmin Mod 123.09beta01 updated for proper fix

    looks right now for chrome and firefox and as you said openssl 1.1.0 removed chacha20 draft

    upload_2016-9-6_7-48-41.png
     
  17. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    Nice. Consider it done and fixed.
    Finally you could also do the ChaCha!:joyful: Heee Hee Hee!

    [​IMG]
     
  18. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
  19. eva2000

    eva2000 Administrator Staff Member

    54,601
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    9:58 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    which patch is the based on ? originated from ?
     
  20. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    12:58 PM
    Cloudflare's OpenSSL 1.0.2j; implementation of CHACHA20-POLY1305.
    Perhaps the smallest yet one of the most useful code of their work is:
    With this ported patch OpenSSL 1.1.0c will do the same.
    ChaCha20+Poly1305 will be used if it is the client's most preferred cipher.

    Changelog:
    * Rebased to OpenSSL 1.1.0c
    * Improved cipher negotiation: a common ChaCha cipher will always be found,
    even when first priority is not ChaCha.