cloudflare / sslconfig

Cloudflare's Internet facing SSL configuration
BSD 3-Clause "New" or "Revised" License

Support ChaCha20 Draft Ciphers in OpenSSL 1.1 #78

Closed kerzyte closed 6 years ago

kerzyte commented 6 years ago

The OpenSSL 1.0.2j patch for adding Chacha20 support does not work on OpenSSL 1.1. OpenSSL 1.1 added support for the final version of ChaCha20, but I would like to add the draft version back in for older clients. Any chance that patch could be ported over?
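Whether the draft suites are still worth carrying is a question about the clients actually connecting, so the following is an added example (not code from the sslconfig repository or from the commenters) that parses the cipher_suites vector out of a TLS ClientHello and reports whether a client offers only the pre-standard ChaCha20-Poly1305 code points. The final code points are the IANA ones from RFC 7905 (0xCCA8, 0xCCA9, 0xCCAA); the draft ones (0xCC13, 0xCC14, 0xCC15) are the values used by draft-agl-tls-chacha20poly1305 implementations. The ClientHello bytes are constructed in the block, so it runs offline; the helper and function names are mine.

```python
"""Classify the ChaCha20-Poly1305 suites offered in TLS ClientHello messages.

Added example, not code from cloudflare/sslconfig. Code points: final suites
from RFC 7905, draft suites as used by draft-agl-tls-chacha20poly1305
implementations. The ClientHello records built below are constructed input.
"""
import struct

DRAFT_CHACHA20 = {
    0xCC13: "ECDHE-RSA-CHACHA20-POLY1305 (draft)",
    0xCC14: "ECDHE-ECDSA-CHACHA20-POLY1305 (draft)",
    0xCC15: "DHE-RSA-CHACHA20-POLY1305 (draft)",
}
FINAL_CHACHA20 = {
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCAA: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}


def client_hello_cipher_suites(record):
    """Return the cipher suite code points listed in a TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:  # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:  # handshake type 1 = ClientHello
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 2 + 32 + 1:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32  # skip client_version and the 32-byte random
    sid_len = hello[pos]
    pos += 1 + sid_len
    if pos + 2 > len(hello):
        raise ValueError("truncated session_id")
    suites_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    if suites_len % 2 or pos + suites_len > len(hello):
        raise ValueError("malformed cipher_suites vector")
    raw = hello[pos:pos + suites_len]
    return [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, suites_len, 2)]


def classify_chacha20(suites):
    """Split the offered suites into draft and final ChaCha20 code points."""
    draft = [s for s in suites if s in DRAFT_CHACHA20]
    final = [s for s in suites if s in FINAL_CHACHA20]
    return {
        "draft": draft,
        "final": final,
        # Only a client that offers draft suites and none of the final ones
        # would lose ChaCha20 if the server dropped the draft code points.
        "draft_only": bool(draft) and not final,
    }


def draft_only_share(records):
    """Fraction of ClientHellos that would lose ChaCha20 without the draft suites."""
    total = draft_only = 0
    for rec in records:
        total += 1
        if classify_chacha20(client_hello_cipher_suites(rec))["draft_only"]:
            draft_only += 1
    return draft_only / total if total else 0.0


def build_client_hello(suites, session_id=b""):
    """Construct a minimal TLS 1.2 ClientHello record (sample input, no extensions)."""
    body = b"\x03\x03" + bytes(32)  # client_version + all-zero random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    # Constructed sample: a legacy client (draft only), a modern client (both), a TLS 1.3-only client.
    sample = [
        build_client_hello([0xC02F, 0xCC13]),
        build_client_hello([0xCCA8, 0xCC13, 0xC02F]),
        build_client_hello([0x1301, 0x1303]),
    ]
    for rec in sample:
        print(classify_chacha20(client_hello_cipher_suites(rec)))
    print("draft-only share:", draft_only_share(sample))
```

Run against captured ClientHello records (for example from a packet capture at the edge) the draft_only share is the number that tells you how many clients still depend on the pre-standard suites; a share near zero is the usual argument for not porting the patch forward.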

vkrasnov commented 6 years ago

No, that would be too much work I'm afraid.

kerzyte commented 6 years ago

Understandable. What is Cloudflare using to be able to have both versions AND x25519?

vkrasnov commented 6 years ago

We are using BoringSSL, with a patch for old ChaCha.

draft1 commented 6 years ago

Any chance the patch for BoringSSL will be public also?

xetorixik commented 6 years ago

@RoldanLT Vanilla BoringSSL and the old ChaCha patch for BoringSSL are quite useless for websites, as BoringSSL doesn't support OCSP, Nginx multi-cert, etc.

It is only interesting if multiple Cloudflare BoringSSL patches (i.e. OCSP) are released. To re-add the features that Google has deleted.

@vkrasnov But. It seems unlikely to me that this will happen.

injust commented 6 years ago

@xetorixik OCSP protocol was removed, but stapling and parsing are still in BoringSSL.

anotherjin commented 6 years ago

Now where can I get the patch for boringssl?