<div dir="ltr"><div>Hello,</div><div><br></div><div>Trying to get CHACHA20-POLY1305 Server Preference ... Working with TLSv1.2 but NOK with TLSv1.3</div><div><br></div><div>** Tried with a Custom OpenSSL.conf ServerPreference,PrioritizeChaCha
</div><div><br></div><div>OPENSSL_CONF=$HOME/conf/openssl.conf $HOME/bin/nginx.exe<br></div><div><br></div><div>[default_conf]<br>ssl_conf = ssl_sect<br>[ssl_sect]<br>system_default = system_default_sect<br>[system_default_sect]<br>Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384<br>Options = ServerPreference,PrioritizeChaCha</div><div><br></div><div>** Tried by patching
src/event/ngx_event_openssl.c
</div><div><br></div><div>- SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);<br>+ SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_PRIORITIZE_CHACHA);</div><div><br></div><div>
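<div>Review bot: the SSL_OP_PRIORITIZE_CHACHA flag on the added line is used without a guard; it is only defined by OpenSSL 1.1.1 and later, so wrap it in #ifdef SSL_OP_PRIORITIZE_CHACHA to keep builds against older or alternative TLS libraries compiling. The option also only moves ChaCha20 to the front when the client itself lists ChaCha20 first, so clients that prefer AES-GCM will still get the server's normal order. Since it is set on every context that goes through this call, consider making it a configuration switch rather than a hard-coded default.</div>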
** Tried by patching
src/event/ngx_event_openssl.c
</div><div><br></div><div>nginx -s reload<br>nginx: [emerg] SSL_CTX_set_cipher_list("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)</div><div><br></div><div>ssl_prefer_server_ciphers on;<br>ssl_protocols TLSv1.3;<br>ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_CCM_SHA256;</div><div><br></div><div></div><div>My config is working like a charm with TLSv1.2 but I cannot get CHACHA20 prioritized with TLSv1.3
... hence my question ... how to do this with nginx version: nginx/1.18.0?</div><div><br></div><div>tx, V.<br></div><div><br></div></div>