Skip navigation
3909 Views 4 Replies Latest reply: Nov 25, 2013 2:37 AM by Ivan Ristic RSS
Walter Trent Level 1 5 posts since
Nov 7, 2013
Currently Being Moderated

Nov 7, 2013 6:11 AM

Chrome 32 promotes Chacha20/Poly1305 suite, SSL Client Test fails to process SSL/TLS handshake

Chrome have recently introduced new cipher suite support in chrome and chromium (NSS and OpenSSL patches are nearby too). This cipher was described in http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-02 with the following codes:

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = {0xcc, 0x13}
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = {0xcc, 0x14}
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 =     {0xcc, 0x15}

 

I guess that's why https://www.ssllabs.com/ssltest/viewMyClient.html fails to process Chrome's SSL/TLS handshake.

 

At this moment these are the 5 top cipher suits in chrome:

  1. ECDHE-ECDSA-CHACHA20-POLY1305-SHA256
  2. ECDHE-RSA-CHACHA20-POLY1305-SHA256
  3. ECDHE-ECDSA-AES128-GCM-SHA256
  4. ECDHE-RSA-AES128-GCM-SHA256
  5. DHE-RSA-AES128-GCM-SHA256

 

Note that all of these suites use key size = 128bit, while Firefox 25 top 10 suites are 256-bit. Meh, at least all these 128-bit suites are supposed to be fast.

 

More information about Chacha20 and Poly1305 can be found at https://www.imperialviolet.org/2013/10/07/chacha20.html

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 6 points