OpenSSL with ChaCha20-Poly1305 support

Update: Meanwhile you could also switch to the BoringSSL fork.

D. J. Bernstein’s ChaCha20-Poly1305┬áhas not been merged into the OpenSSL master branch yet (ETA, anyone?). If you are curious to test it with nginx or any other application relying on the OpenSSL libraries with support for TLS 1.2, you can check it out via the 1.0.2-aead branch:

$ git clone https://github.com/openssl/openssl.git
$ cd openssl
$ git checkout 1.0.2-aead

Then follow the usual instruction from the INSTALL file on how to compile OpenSSL.

2 thoughts on “OpenSSL with ChaCha20-Poly1305 support

  1. Almost hesitate to ask (and too pessimistic to poke around firsthand, tbh), but any updates on full support in OpenSSL’s master branch?

    We tend to focus in our line of work on the sexier PFS-related primitives in terms of suite optimisation, but the relevance of other components is beyond any reasonable question.

    Still, it hurts to see the slow-play & personally I tend to look the other way rather than risk another spin-up of frustration & disappointment.

    Cheers,

    ~ pj

Leave a Reply

Your email address will not be published. Required fields are marked *