Use of boringssl equal-preference cipher groups with nginx

Alex alex at zeitgeist.se
Sat Aug 23 18:38:05 UTC 2014


Hi again,

On 2014-08-18 09:17, Alex wrote:
> Hi,
> 
> I have successfully compiled nginx/1.7.4 with boringssl. One thing I
> am not sure if it's possible already is to take advantage of
> equal-preference cipher groups that Boringssl supports.
> 
> [...]
> 
> Would this already work with nginx' ssl_ciphers parameter or would
> nginx require further patching to support such grouping parameter?

I feel kinda stupid that I didn't figure it out earlier. Of course it's 
possible out of the box with nginx/boringssl. I made a small writeup 
here:

https://www.zeitgeist.se/2014/08/23/we-like-aes-and-chacha20-equally-thanks-to-boringssl/

Basically, you group ciphers in the ciphers list like this: 
[ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256]

Best,
Alex



More information about the nginx mailing list