On Sun, May 24, 2015 at 06:16:42PM +0200, Tim Kuijsten wrote:

> Since I'm running postfix with LibreSSL, some clients encrypt the connection
> using ECDHE-RSA-CHACHA20-POLY1305. Now I'm used to seeing headers like
> "using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)". But
> these ChaCha20 headers look like "using TLSv1.2 with cipher
> ECDHE-RSA-CHACHA20-POLY1305 (256/0 bits)". I'm wondering what the 0 part in
> 256/0 bits means. I've read it's "the number of bits actually used" vs. "the
> number of bits the algorithm is based on", but this sounds confusing to me.
> Can someone maybe clarify?

Ask the LibreSSL team.  Postfix outputs:

    cipher_usebits/cipher_algbits

obtained via:

    cipher = SSL_get_current_cipher(ssl);
    cipher_usebits = SSL_CIPHER_get_bits(cipher, &cipher_algbits);

If LibreSSL returns 0 for algbits, that's an artifact of their
implementation.

-- 
        Viktor.
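
Added example, not part of the thread and not Postfix code: a small Python log-review helper that parses the usebits/algbits pair out of the header text quoted above and labels each pair, then lists the same two numbers as the TLS library linked into the local Python reports them (Python's `ssl` module exposes the `SSL_CIPHER_get_bits()` values as `strength_bits` and `alg_bits`). The function names, the labels and the third sample line are assumptions made for illustration.

```python
import re
import ssl

# TLS clause as Postfix writes it into Received: headers (format quoted in the thread).
TLS_CLAUSE = re.compile(
    r"using (?P<proto>\S+) with cipher (?P<cipher>\S+) "
    r"\((?P<use>\d+)/(?P<alg>\d+) bits\)"
)

# Constructed sample lines; the first two reuse header text quoted in the thread.
SAMPLES = [
    "(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))",
    "(using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/0 bits))",
    "(using TLSv1 with cipher EXP-RC4-MD5 (40/128 bits))",
    "(No client certificate requested)",
]

def parse_tls_clause(line):
    """Return (protocol, cipher, usebits, algbits), or None if no clause is present."""
    m = TLS_CLAUSE.search(line)
    if m is None:
        return None
    return m["proto"], m["cipher"], int(m["use"]), int(m["alg"])

def classify(usebits, algbits):
    """Label a usebits/algbits pair for log review (labels are hypothetical)."""
    if usebits == 0:
        return "no-encryption"        # NULL ciphers report 0 secret bits
    if algbits == 0:
        return "algbits-unreported"   # library left algbits at 0 (the case asked about)
    if usebits < algbits:
        return "reduced-key"          # export-grade: fewer secret bits than the algorithm
    return "ok"

def review(lines):
    """Return (cipher, usebits, algbits, label) for every line carrying a TLS clause."""
    parsed = [parse_tls_clause(line) for line in lines]
    return [(c, u, a, classify(u, a)) for _, c, u, a in filter(None, parsed)]

def local_cipher_bits():
    """usebits/algbits per cipher as reported by the TLS library behind Python's ssl."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return {c["name"]: (c["strength_bits"], c["alg_bits"]) for c in ctx.get_ciphers()}

if __name__ == "__main__":
    for cipher, use, alg, label in review(SAMPLES):
        print(f"{cipher} ({use}/{alg} bits) -> {label}")
    for name, (use, alg) in sorted(local_cipher_bits().items()):
        print(f"local: {name} ({use}/{alg} bits)")
```

Comparing the `local:` lines across hosts shows whether a 0 in the second position comes from the TLS library build rather than from the negotiated cipher.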
