Re: LibReSSL CHACHA20/POLY1305

Jérémie Courrèges-Anglas Fri, 14 Nov 2014 04:33:08 -0800

Renaud Allard <[email protected]> writes:

> On 11/14/2014 10:12 AM, Jonathan Gray wrote:
>>>
>>> Now openssl ciphers CHACHA20 works as intended
>>> # openssl ciphers CHACHA20
>>> ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305
>>
>> This is already present in rev 1.68/-current
>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68&r1=1.67&f=u
>>
>>
> So now, I have set in nginx.conf this
>         ssl_ciphers     !aNULL:AES256:AES128:CHACHA20:@STRENGTH;
>
> But using sslscan, I still get:
>     Failed    TLSv1  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305


I guess it means that you didn't feed with nginx an ecdsa cert.

> Is that somewhere else?


-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: LibReSSL CHACHA20/POLY1305

Reply via email to