from Hacker News

Support for ChaCha20-Poly1305 released in OpenSSL 1.1.0

by ktt on 12/10/15, 11:41 AM with 22 comments

  • by wolf550e on 12/10/15, 3:31 PM

    "SSL/TLS state machine, version negotiation and record layer rewritten" from the release notes sounds scary.

    The changelog says:

      *) State machine rewrite. The state machine code has been significantly
     refactored in order to remove much duplication of code and solve issues
     with the old code (see ssl/statem/README for further details). This change
     does have some associated API changes. Notably the SSL_state() function
     has been removed and replaced by SSL_get_state which now returns an
     "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed
     altogether. The previous handshake states defined in ssl.h and ssl3.h have
     also been removed.
     [Matt Caswell]

  • by ultramancool on 12/10/15, 6:10 PM

    Chacha20 is nice, but I think the key exchange is a bigger problem right now. What's the situation with Curve25519 in here?

    Weak DH and ECDHE using NIST curves concerns me far more than AES-GCM which is readily available for example. Configuring DH properly requires extra effort for administrators and ECDHE relies on NIST curves which are prone to implementation error and some have even called into question the NSA-NIST relationship behind the "random" curves.

  • by tveita on 12/10/15, 2:17 PM

    Has this been standardized yet? The latest draft I can find still has a bunch of 0xTBD values for the cipher suite numbers.

    https://datatracker.ietf.org/doc/draft-ietf-tls-chacha20-pol...

  • by Zash on 12/10/15, 2:42 PM

    Is OpenSSL 1.1.0 really released? The comment linked does not say so, only that the feature has landed in vcs.

    Edit: https://openssl.org/news/newslog.html says "Alpha 1 of OpenSSL 1.1.0 is now available"

  • by dmbaggett on 12/10/15, 3:03 PM

    Public shout-out to Andy Polyakov. As a grizzled veteran of assembly coding from way back in the day, I find his work on openssl hugely impressive.

  • by runesoerensen on 12/10/15, 3:09 PM

    There are lots of interesting features and changes in this (alpha 1) release. Release notes and full changelog: https://openssl.org/news/openssl-1.1.0-notes.html