[erlang-questions] chacha20-poly1305 AEAD is not available for libressl built
Mon Mar 26 12:01:35 CEST 2018
2018-03-23 22:31 GMT+01:00 mko_io <me@REDACTED>:
> Dear erlang community,
> Just report a bug:
Thanks. I just want to kindly point out that we have a public issue tracker
that you can use if you want to report bugs.
> The openssl that I built OTP 20.3.2 with is Libressl(portable 2.6.4), it
> does have ciper chacha20-poly1305 as AEAD
> $openssl version
> LibreSSL 2.6.4
> $ openssl ciphers -v | grep chacha20
> ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA
> Enc=ChaCha20-Poly1305 Mac=AEAD
> but it’s not in erlang
> and in the release note of application crypto 4.0, this feature is enabled
> "Crypto chacha20-poly1305 as in RFC 7539 enabled for OpenSSL >= 1.1."
> so I think it’s a libressl compatibility issue, hope the someone can fix it
Chacha was disabled for LIBRESSL to get LIBRESSL to work at all, so I
guess it might be a compatibility issue between LIBRESSL and OPENSSL.
Contributions in this area are welcome.
As as side note. We discovered interop problems with the chacha20-poly1305
cipher and hence we have removed it from the default cipher list in our
ssl application until we are able to fix it. It is a problem with how
crypto calls OpenSSLs crypto lib with subtitles in how padding is handled.
It is still possible to use the cipher by adding it to the the ciphers
list see ssl:cipher_suites/2, ssl:filter_cipher_suites/2,
ssl:prepend_cipher_suites/2 ssl:append_cipher_suites/2. But probably this
will only work for erlang client
vs erlang server as they will then do the same thing.
Regards Ingela Erlang/OTP Team - Ericsson AB
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the erlang-questions