
Chrome 32 promotes Chacha20/Poly1305 suite, SSL Client Test fails to process SSL/TLS handshake

Question asked by Walter Trent on Nov 7, 2013
Latest reply on Nov 25, 2013 by Ivan Ristic

Chrome has recently introduced new cipher suite support in Chrome and Chromium (NSS and OpenSSL patches are nearby too). This cipher was described in http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-02 with the following codes:

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = {0xcc, 0x13}
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = {0xcc, 0x15}

I guess that's why https://www.ssllabs.com/ssltest/viewMyClient.html fails to process Chrome's SSL/TLS handshake.

 

At this moment these are the 5 top cipher suites in Chrome:

  1. ECDHE-ECDSA-CHACHA20-POLY1305-SHA256
  2. ECDHE-RSA-CHACHA20-POLY1305-SHA256
  3. ECDHE-ECDSA-AES128-GCM-SHA256
  4. ECDHE-RSA-AES128-GCM-SHA256
  5. DHE-RSA-AES128-GCM-SHA256

 

Note that all of these suites use key size = 128-bit, while Firefox 25's top 10 suites are 256-bit. Meh, at least all these 128-bit suites are supposed to be fast.

More information about Chacha20 and Poly1305 can be found at https://www.imperialviolet.org/2013/10/07/chacha20.html
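
Added example, not part of the original post: a Python sketch that parses the cipher_suites vector of a ClientHello and names each code point, labelling unrecognized ones (such as the draft 0xcc13-0xcc15 values) instead of raising. The ClientHello bytes are constructed, the function and table names are hypothetical, and nothing here reflects how the SSL Labs client test is implemented.

```python
import struct

# Draft code points quoted in the post (draft-agl-tls-chacha20poly1305-02).
DRAFT_CHACHA = {
    0xCC13: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCC14: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCC15: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
}
# IANA-registered AES-GCM suites, entries 3-5 of the post's list.
REGISTERED = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
}

def build_client_hello(suites):
    """Constructed sample input: a minimal TLS 1.2 ClientHello handshake message."""
    body = b"\x03\x03" + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_cipher_suites(msg):
    """Return the offered cipher suite code points in client preference order."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big") or len(body) < 35:
        raise ValueError("truncated or malformed handshake message")
    pos = 34 + 1 + body[34]  # skip version, random, session_id
    if pos + 2 > len(body):
        raise ValueError("session_id overruns message")
    cs_len = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]

def name_suites(codes, table):
    """Name known suites; report unknown code points instead of raising."""
    return [table.get(c, "UNKNOWN_0x%04X" % c) for c in codes]

# Preference order taken from the post's top-five list.
CHROME_TOP5 = [0xCC14, 0xCC13, 0xC02B, 0xC02F, 0x009E]

if __name__ == "__main__":
    offered = parse_cipher_suites(build_client_hello(CHROME_TOP5))
    print(name_suites(offered, REGISTERED))
    print(name_suites(offered, {**REGISTERED, **DRAFT_CHACHA}))
```

With only the registered table, the first two offers come back as `UNKNOWN_0xCC14` and `UNKNOWN_0xCC13` while the rest of the list still parses.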
