1. Floren
    The wait is over, we finally completed the OpenSSL 1.0.2a port to Enterprise Linux 6 and 7. As an added bonus, GOST, ChaCha20 and Poly1305 are provided part of the available ciphers list.

    We all know AES has become the gold standard in encryption, it is anywhere from 4 to 10 times faster compared to previous most-used cipher, eDES. So why venture into unknown? If future advances in cryptanalysis reveal a weakness in AES, users will be in an unenviable position. With the only other widely supported cipher being the much slower 3DES, it is not feasible to re-configure 3DES deployments.

    Meet ChaCha20 stream cipher and Poly1305 authenticator, together forming the ChaCha20-Poly1305 Authenticated Encryption with an AEAD construction. Currently, ChaCha20 is the preferred cipher for Google Chrome and Android 5.0+ OS. It is interesting to note that ChaCha20 was initially created as a variant of Salsa20 in 2008, by Daniel Bernstein (Google).

    ChaCha20 and Poly1305 are very fast particularly on mobile and wearable devices, as their designs are able to leverage common CPU instructions, including ARM vector instructions. Poly1305 also saves network bandwidth, since its output is only 16 bytes compared to HMAC-SHA1, which is 20 bytes. Adam Langley resumed everything in two phrases: "ChaCha20 is very simple and even a completely naive implementation will be secure. Poly1305 is somewhat more complex to implement but again lends itself to secure implementations." This explains why more and more software enforces the ChaCha20 usage, for example OpenSSH via chacha20-poly1305@openssh.com authenticated cipher.

    The ciphers source code is pulled from latest work done by Google and Intel. We compiled Nginx 1.9.0 with the new OpenSSL packages, to provide ChaCha20 support for all Google Chrome and Android 5.0+ users visiting our site. Running cipherscan displays the ChaCha20-Poly1305 suite as first priority:
    $ ./cipherscan axivo.com
    custom openssl not executable, falling back to system one from /usr/bin/openssl
    Target: axivo.com:443
    prio  ciphersuite                  protocols              pfs                 curves
    1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                ECDH,P-256,256bits  prime256v1
    2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
    3     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
    4     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
    5     DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None
    Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
    TLS ticket lifetime hint: 600
    OCSP stapling: supported
    Cipher ordering: server
    $ openssl ciphers -v | grep CHACHA
    ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD
    ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 Kx=ECDH Au=RSA   Enc=ChaCha20(256) Mac=AEAD
    DHE-RSA-CHACHA20-POLY1305     TLSv1.2 Kx=DH   Au=RSA   Enc=ChaCha20(256) Mac=AEAD
    The new OpenSSL 1.0.2a packages are available for RHEL/CentOS 6 and 7, into AXIVO repository.

    In conclusion, I would like to highlight the contributions of Adam Langley (Google), Tomas Mraz (Red Hat) and Vlad Krasnov (CloudFlare). Without their valuable support and friendly collaboration, this project would of taken a lot longer to materialize.

Recent Reviews

  1. CSRedRat
    Nice! GOST require in RHEL.