Hello,
On 11/14/2014 09:04 AM, Renaud Allard wrote:
Hello,
I am trying this on 5.6-stable.
Is there a way to list all POLY1305/CHACHA20 based ciphers which are
enabled?
For example, if I try with RSA:
# openssl ciphers RSA
AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:NULL-SHA256:NULL-SHA:NULL-MD5
But with the others:
# openssl ciphers POLY1305
Error in cipher list
1082963419196:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:
# openssl ciphers CHACHA20
Error in cipher list
32850802282556:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:
However, trying something like this works:
# openssl ciphers ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-ECDSA-CHACHA20-POLY1305
The idea is to be able to enable them in configuration files of services
without having to list them all by hand (which might change).
Thanks
Replying to my own mail...
Here is a patch:
--- lib/libssl/src/ssl/ssl_ciph.c.old Fri Nov 14 09:30:56 2014
+++ lib/libssl/src/ssl/ssl_ciph.c Fri Nov 14 09:49:47 2014
@@ -433,6 +433,10 @@
.name = SSL_TXT_CAMELLIA,
.algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
},
+ {
+ .name = SSL_TXT_CHACHA20,
+ .algorithm_enc = SSL_CHACHA20POLY1305,
+ },
/* MAC aliases */
{
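Review bot: the entry added after the SSL_TXT_CAMELLIA alias introduces only the CHACHA20 keyword, so the POLY1305 keyword from the original report is still not matched by any alias in this hunk. Because .algorithm_enc = SSL_CHACHA20POLY1305 selects the combined AEAD, consider adding a second entry with a POLY1305 name that points at the same .algorithm_enc value, or say in the commit message that only CHACHA20 is intended. The patch touches only ssl_ciph.c, so it relies on SSL_TXT_CHACHA20 already being defined in a header; if it is not, that definition needs its own hunk. The new keyword should also be listed in the ciphers documentation so that configuration authors can find it.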
Now openssl ciphers CHACHA20 works as intended:
# openssl ciphers CHACHA20
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305