On 11/14/2014 01:28 PM, Jérémie Courrèges-Anglas wrote:
Renaud Allard <ren...@allard.it> writes:

On 11/14/2014 10:12 AM, Jonathan Gray wrote:
Now openssl ciphers CHACHA20 works as intended
# openssl ciphers CHACHA20
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305
This is already present in rev 1.68/-current
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68&r1=1.67&f=u


So now, I have set this in nginx.conf:
         ssl_ciphers     !aNULL:AES256:AES128:CHACHA20:@STRENGTH;

But using sslscan, I still get:
     Failed    TLSv1  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305
I guess it means that you didn't feed nginx an ECDSA cert.

OK, indeed, but those ones are also failing:
    Failed    TLSv1  256 bits  ECDHE-RSA-CHACHA20-POLY1305
    Failed    TLSv1  256 bits  DHE-RSA-CHACHA20-POLY1305

And that one is working:
    Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA
