On Fri, Nov 14, 2014 at 10:04:16AM +0100, Renaud Allard wrote: > Hello, > > On 11/14/2014 09:04 AM, Renaud Allard wrote: > >Hello, > > > >I am trying this on 5.6-stable. > >Is there a way to list all POLY1305/CHACHA20 based ciphers which are > >enabled? > > > >For example, if I try with RSA: > ># openssl ciphers RSA > >AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:NULL-SHA256:NULL-SHA:NULL-MD5 > > > > > >But with the others: > ># openssl ciphers POLY1305 > >Error in cipher list1082963419196:error:1410D0B9:SSL > >routines:SSL_CTX_set_cipher_list:no cipher > >match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312: > ># openssl ciphers CHACHA20 > >Error in cipher list > >32850802282556:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no > >cipher match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312: > > > >However, trying something like this works: > ># openssl ciphers ECDHE-ECDSA-CHACHA20-POLY1305 > >ECDHE-ECDSA-CHACHA20-POLY1305 > > > >The idea is to be able to enable them in configuration files of services > >without having to list them all by hand (which might change). > > > >Thanks > > > > > > Replying to my own mail... > > Here is a patch: > --- lib/libssl/src/ssl/ssl_ciph.c.old Fri Nov 14 09:30:56 2014 > +++ lib/libssl/src/ssl/ssl_ciph.c Fri Nov 14 09:49:47 2014 > @@ -433,6 +433,10 @@ > .name = SSL_TXT_CAMELLIA, > .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256, > }, > + { > + .name = SSL_TXT_CHACHA20, > + .algorithm_enc = SSL_CHACHA20POLY1305, > + }, > > /* MAC aliases */ > { > > > Now openssl ciphers CHACHA20 works as intended > # openssl ciphers CHACHA20 > ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305
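Review bot: the alias entry added after the `SSL_TXT_CAMELLIA` block in ssl_ciph.c covers only the `CHACHA20` keyword, so `openssl ciphers POLY1305`, the other selector that failed with "no cipher match" in the original report, stays unmatched, and the test shown after the patch only runs `openssl ciphers CHACHA20`. Either add a matching alias for the POLY1305 keyword or state in the submission that `CHACHA20` is the only intended selector. The entry also relies on `SSL_TXT_CHACHA20`, which this diff does not define (only ssl_ciph.c is touched), so the submission should note where that macro comes from.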
This is already present in rev 1.68/-current http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68&r1=1.67&f=u