The wait is over: we have finally completed the OpenSSL 1.0.2a port to Enterprise Linux 6 and 7. As an added bonus, GOST, ChaCha20 and Poly1305 are provided as part of the available ciphers list.
We all know AES has become the gold standard in encryption; it is anywhere from 4 to 10 times faster than the previously most-used cipher, 3DES. So why venture into the unknown? If future advances in cryptanalysis reveal a weakness in AES, users will be in an unenviable position. With the only other widely supported cipher being the much slower 3DES, it is not feasible to re-configure 3DES deployments.
Meet the ChaCha20 stream cipher and the Poly1305 authenticator, together forming the ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction. Currently, ChaCha20 is the preferred cipher for Google Chrome and Android 5.0+ OS. It is interesting to note that ChaCha20 was initially created as a variant of Salsa20 in 2008, by Daniel Bernstein (Google).
ChaCha20 and Poly1305 are very fast, particularly on mobile and wearable devices, as their designs are able to leverage common CPU instructions, including ARM vector instructions. Poly1305 also saves network bandwidth, since its output is only 16 bytes compared to HMAC-SHA1, which is 20 bytes. Adam Langley summed everything up in two sentences: "ChaCha20 is very simple and even a completely naive implementation will be secure. Poly1305 is somewhat more complex to implement but again lends itself to secure implementations." This explains why more and more software enforces ChaCha20 usage, for example OpenSSH via the chacha20-poly1305@openssh.com authenticated cipher.
The cipher source code is pulled from the latest work done by Google and Intel. We compiled Nginx 1.9.0 with the new OpenSSL packages to provide ChaCha20 support for all Google Chrome and Android 5.0+ users visiting our site. Running cipherscan displays the ChaCha20-Poly1305 suite as first priority:
$ ./cipherscan axivo.com
custom openssl not executable, falling back to system one from /usr/bin/openssl
......
Target: axivo.com:443

prio  ciphersuite                  protocols              pfs                 curves
1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                ECDH,P-256,256bits  prime256v1
2     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                ECDH,P-256,256bits  prime256v1
3     ECDHE-RSA-AES128-SHA256      TLSv1.2                ECDH,P-256,256bits  prime256v1
4     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits  prime256v1
5     DHE-RSA-AES256-SHA           TLSv1,TLSv1.1,TLSv1.2  DH,2048bits         None

Certificate: trusted, 2048 bit, sha256WithRSAEncryption signature
TLS ticket lifetime hint: 600
OCSP stapling: supported
Cipher ordering: server

$ openssl ciphers -v | grep CHACHA
ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2  Kx=ECDH  Au=ECDSA  Enc=ChaCha20(256)  Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305    TLSv1.2  Kx=ECDH  Au=RSA    Enc=ChaCha20(256)  Mac=AEAD
DHE-RSA-CHACHA20-POLY1305      TLSv1.2  Kx=DH    Au=RSA    Enc=ChaCha20(256)  Mac=AEAD

The new OpenSSL 1.0.2a packages are available for RHEL/CentOS 6 and 7 in the AXIVO repository.
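To keep a deployment like this from regressing, the cipherscan priority table shown above can be checked automatically. The following is an added example, not code from the original post or from the cipherscan project; the function names, the name-based AEAD heuristic and the 2048-bit DH threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: priority rows and ordering line copied from the scan above.
SAMPLE = """\
prio ciphersuite protocols pfs curves
1 ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 ECDH,P-256,256bits prime256v1
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
3 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1
4 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1
5 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 DH,2048bits None
Cipher ordering: server
"""

# A data row is: priority, suite name, protocols, pfs, curves (whitespace separated).
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_cipherscan(text):
    """Return (rows sorted by server priority, cipher ordering value or None)."""
    rows, ordering = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            prio, suite, _protocols, pfs, _curves = m.groups()
            # Assumption: AEAD suites are recognised by name (GCM or POLY1305).
            aead = "GCM" in suite or "POLY1305" in suite
            rows.append({"prio": int(prio), "suite": suite, "pfs": pfs, "aead": aead})
        elif line.startswith("Cipher ordering:"):
            ordering = line.split(":", 1)[1].strip()
    return sorted(rows, key=lambda r: r["prio"]), ordering

def audit(text, min_dh_bits=2048):
    """Return a list of findings; an empty list means the policy holds."""
    rows, ordering = parse_cipherscan(text)
    if not rows:
        return ["no cipher rows parsed"]
    findings = []
    if ordering != "server":
        findings.append("server does not enforce its own cipher order")
    if "CHACHA20-POLY1305" not in rows[0]["suite"]:
        findings.append("first priority is %s, not ChaCha20-Poly1305" % rows[0]["suite"])
    seen_non_aead = False
    for r in rows:
        if r["pfs"] == "None":
            findings.append("%s offers no forward secrecy" % r["suite"])
        dh = re.match(r"DH,(\d+)bits", r["pfs"])  # finite-field DH only, not ECDH
        if dh and int(dh.group(1)) < min_dh_bits:
            findings.append("%s uses %s-bit DH parameters" % (r["suite"], dh.group(1)))
        if r["aead"] and seen_non_aead:
            findings.append("%s (AEAD) is ranked below a non-AEAD suite" % r["suite"])
        seen_non_aead = seen_non_aead or not r["aead"]
    return findings
```

Calling `audit()` on the captured text of each scan returns an empty list for the configuration shown on this page, and one finding per deviation otherwise.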
In conclusion, I would like to highlight the contributions of Adam Langley (Google), Tomas Mraz (Red Hat) and Vlad Krasnov (CloudFlare). Without their valuable support and friendly collaboration, this project would have taken a lot longer to materialize.