<div dir="ltr">Hi !<div><br></div><div><div class="gmail_extra"><div class="gmail_quote">2018-03-23 22:31 GMT+01:00 mko_io <span dir="ltr"><<a href="mailto:me@mko.io" target="_blank">me@mko.io</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Dear erlang community,<br>
<br>
Just report a bug:<br>
<br></blockquote><div><br></div><div>Thanks. I just want to kindly point out that we have a public issue tracker that you can use if you want to report bugs.</div><div><br></div><div><a href="https://bugs.erlang.org/secure/Dashboard.jspa">https://bugs.erlang.org/secure/Dashboard.jspa</a><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
The openssl that I built OTP 20.3.2 with is Libressl(portable 2.6.4), it does have ciper chacha20-poly1305 as AEAD<br>
<br>
$openssl version<br>
LibreSSL 2.6.4<br>
$ openssl ciphers -v | grep chacha20<br>
<br>
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD<br>
<br>
but it’s not in erlang<br>
<br>
crypto:supports().<br>
[{hashs,[sha,sha224,sha256,sha<wbr>384,sha512,md4,md5,ripemd160]}<wbr>,<br>
 {ciphers,[des3_cbc,des_ede3,d<wbr>es3_cbf,des3_cfb,aes_cbc,<br>
           aes_cbc128,aes_cfb8,aes_cfb12<wbr>8,aes_cbc256,aes_ctr,aes_ecb,<br>
           aes_gcm,aes_ige256,des_cbc,de<wbr>s_cfb,des_ecb,blowfish_cbc,<br>
           blowfish_cfb64,blowfish_<wbr>ofb64,blowfish_ecb,rc2_cbc,<wbr>rc4]},<br>
 {public_keys,[rsa,dss,dh,ec_g<wbr>f2m,ecdsa,ecdh,srp]},<br>
 {macs,[hmac,cmac]}]<br>
<br>
and in the release note of application crypto 4.0, this feature is enabled<br>
<br>
"Crypto chacha20-poly1305 as in RFC 7539 enabled for OpenSSL >= 1.1."<br>
<br>
so I think it’s a libressl compatibility issue, hope the someone can fix it<br>
<br>
<br></blockquote><div><br></div><div>Chacha was disabled for LIBRESSL to get  LIBRESSL to work at all, so I guess it might be a compatibility issue between LIBRESSL and OPENSSL.  </div><div>Contributions  in this area are welcome.</div><div><br></div><div>As as side note. We discovered interop problems with the chacha20-poly1305 cipher and hence we  have removed it from the default cipher list in our ssl application until we are able to  fix it. It is a problem with how crypto calls OpenSSLs crypto lib with subtitles in how padding is handled.</div><div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">It is still possible to use the cipher by adding it to the the ciphers list  see ssl:cipher_suites/2, ssl:filter_cipher_suites/2, ssl:prepend_cipher_suites/2 ssl:append_cipher_suites/2.  But probably this will only work for erlang client</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">vs erlang server as they will then do the same thing.</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Regards Ingela Erlang/OTP Team - Ericsson AB</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></div><br class="gmail-Apple-interchange-newline"><br></div><div> </div></div></div></div></div>