Feature #2946
Support for ChaCha20-Poly1305 via OpenSSL
Description
From the cipher suites doc it seems curve25519 support is only provided with the curve25519 plugin. But from the source code it seems openssl can also provide support if a recent enough version is used. Is the doc not up-to-date in this case?
Another question is that openssl provides ChaCha20-Poly1305 support since version 1.1.0. And it seems strongswan never makes use of that. Is there any plan to be able to leverage openssl's ChaCha20 implementation?
Associated revisions
History
#1 Updated by Tobias Brunner about 3 years ago
- Category set to libstrongswan
- Status changed from New to Feedback
Is the doc not up-to-date in this case?
Yep (see 5.7.2).
Another question is that openssl provides ChaCha20-Poly1305 support since version 1.1.0. And it seems strongswan never makes use of that. Is there any plan to be able to leverage openssl's ChaCha20 implementation?
No, currently not.
#2 Updated by Tobias Brunner about 3 years ago
- Tracker changed from Issue to Feature
- Subject changed from Openssl cipher support to Support for ChaCha20-Poly1305 via OpenSSL
- Target version set to 5.8.0
- Affected version deleted (
5.7.2)
Another question is that openssl provides ChaCha20-Poly1305 support since version 1.1.0. And it seems strongswan never makes use of that. Is there any plan to be able to leverage openssl's ChaCha20 implementation?
No, currently not.
I quickly put together a patch, see the 2946-openssl-chapoly branch.
#3 Updated by Glen Huang about 3 years ago
Tobias Brunner wrote:
Another question is that openssl provides ChaCha20-Poly1305 support since version 1.1.0. And it seems strongswan never makes use of that. Is there any plan to be able to leverage openssl's ChaCha20 implementation?
No, currently not.
I quickly put together a patch, see the 2946-openssl-chapoly branch.
Great stuff. Looking forward to it being merged.
#4 Updated by Tobias Brunner about 3 years ago
- Status changed from Feedback to Closed
- Assignee set to Tobias Brunner
- Resolution set to Fixed
Merge branch 'openssl-chapoly'
Adds support for ChaCha20-Poly1305 via OpenSSL.
Fixes #2946.