PeterMosmans / openssl

'Extra featured' OpenSSL with ChaCha20 and Poly1305 support
https://onwebsecurity.com/pages/openssl.html

CCM/CCM8 ciphers? #30

Open drwetter opened 8 years ago

drwetter commented 8 years ago

Hi Peter,

any timeline for CCM ciphers? 1.1.0 lists 20 additional ones.

Cheers, Dirk

PeterMosmans commented 8 years ago

So, I looked around at the ciphers and newly added code. Theoretically I could 'backport' the CCM ciphers from the master branch into the 1.0.2-chacha branch. However, this means that these ciphers won't get updates automatically, and will make the merging process more difficult. I could also apply the custom patches from 1.0.2-chacha to the master branch, and keep that version up to date.

Not sure which path is the least painless... let me think some more about this...

drwetter commented 8 years ago

Hi @PeterMosmans,

thx for looking into it! Yes, you're right. This is more a strategic question, I guess.

In the long run probably a 1.1.0 chacha-pm branch would be the best (I see 1.1.dev doesn't contain the chacha/poly ciphers).

BTW: Just out of curiosity I ran openssl 1.1 against a few sites with testssl.sh -- also it would require some work for testssl.sh. And -- attention sarcasm -- of course the current 1.1 is even more secure. ;-) E.g. it requires at least 1024 DH ciphers at the server, amongst other things.

For me it would become important when CCM ciphers will be more deployed on the server side. Currently I don't have any statistics (how should I?) but I of course want to be ahead of time -- before it'll be deployed.

Cheers, Dirk