4 Replies Latest reply on Nov 25, 2013 2:37 AM by Ivan Ristic

    Chrome 32 promotes Chacha20/Poly1305 suite, SSL Client Test fails to process SSL/TLS handshake

    Walter Trent Level 1

      Chrome has recently introduced new cipher suite support in Chrome and Chromium (NSS and OpenSSL patches are nearby too). This cipher was described in http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-02 with the following codes:

      • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = {0xcc, 0x13}
      • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
      • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = {0xcc, 0x15}

      I guess that's why https://www.ssllabs.com/ssltest/viewMyClient.html fails to process Chrome's SSL/TLS handshake.

      At this moment these are the 5 top cipher suites in Chrome:

      1. ECDHE-ECDSA-CHACHA20-POLY1305-SHA256
      2. ECDHE-RSA-CHACHA20-POLY1305-SHA256
      3. ECDHE-ECDSA-AES128-GCM-SHA256
      4. ECDHE-RSA-AES128-GCM-SHA256
      5. DHE-RSA-AES128-GCM-SHA256

      Note that all of these suites use key size = 128-bit, while Firefox 25's top 10 suites are 256-bit. Meh, at least all these 128-bit suites are supposed to be fast.

      More information about Chacha20 and Poly1305 can be found at https://www.imperialviolet.org/2013/10/07/chacha20.html
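
Added example (not part of the original post, and not SSL Labs' code): a ClientHello cipher-suite reader that reports code points it has no name for, such as the draft 0xcc13 to 0xcc15 values quoted above, instead of failing on them. The handshake bytes are constructed, and `offered_suites`, `sample_hello` and the two tables are names made up for this illustration.

```python
import struct

# Draft code points quoted in the post (draft-agl-tls-chacha20poly1305-02).
DRAFT_CHACHA = {
    0xCC13: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCC14: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCC15: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# Registered AES-GCM suites from the post's top-5 list.
REGISTERED = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
}

def offered_suites(hello, known):
    """Return [(code, name)] in client preference order from a ClientHello
    handshake message. Codes missing from `known` are labelled, not fatal."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    pos = 2 + 32                          # skip client_version and random
    try:
        pos += 1 + body[pos]              # skip session_id
        (vec_len,) = struct.unpack_from(">H", body, pos)
        codes = struct.unpack_from(">%dH" % (vec_len // 2), body, pos + 2)
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if vec_len == 0 or vec_len % 2:
        raise ValueError("malformed cipher_suites vector")
    return [(c, known.get(c, "UNKNOWN_0x%04X" % c)) for c in codes]

def sample_hello(codes):
    """Constructed ClientHello: TLS 1.2, zero random, no session id, no extensions."""
    suites = b"".join(struct.pack(">H", c) for c in codes)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack(">H", len(suites)) + suites + b"\x01\x00")
    return b"\x01" + len(body).to_bytes(3, "big") + body

# The post's top-5 order, written as code points.
CHROME_TOP5 = [0xCC14, 0xCC13, 0xC02B, 0xC02F, 0x009E]

if __name__ == "__main__":
    for code, name in offered_suites(sample_hello(CHROME_TOP5), REGISTERED):
        print("0x%04X %s" % (code, name))
```

With only `REGISTERED` as the name table, the two ChaCha20 entries come back as `UNKNOWN_0x…` while the rest of the list is still parsed in order; merging in `DRAFT_CHACHA` names them.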