chrcoluk

chacha20 priority in chrome on ssllabs tester

Discussion created by chrcoluk on Jan 20, 2016
Latest reply on Jan 20, 2016 by tlussnig

Hi the tester reports if chacha20 is top of cipher list that chrome will not use it.

 

But based on my experience chrome will use it regardless of cpu AES-NI capability.

 

I respect I may have a config issue on my server but checking the source code which is here sslconfig/openssl__chacha20_poly1305_cf.patch at master · cloudflare/sslconfig · GitHub suggests I have configured correctly.

 

So basically chacha20 is first ion my web server cipher list, web server has server order preferred set.

Cipher shows as old_tls in ssllabs test result and at bottom.

Test result shows only android 5.x using the cipher (and I assume android 6.x) with chrome using AES-GCM but when I visit my domain using chrome on my desktop chacha 20 is used.

 

Research is showing that chrome developers decided to chrome prefer chacha20 regardless of host cpu.

Outcomes