[openssl-users] stronger Kex

mlrx openssl.org at 18informatique.com
Wed Dec 21 15:07:06 UTC 2016


I have two servers for testing purpose :
- debian 6, apache 2.2,   openssl 1.0.1t      (mutu)
- centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated)

Now, these 2 serveurs offers only those ciphers :

I have two goals. First, I would like to use at least secp384r1
and second (no problem), use an ECC certificate.

Is it possible to do it with CHACHA20-POLY1305 ?
Is it possible to use this cipher on those servers ?

openssl ciphers -V CHACHA20 return an error on each server.
I understand it's because there is no chacha20 cipher (?).

Why can I connect a server by SSH with chacha20-poly1305 at openssh.com
and not using it with Apache ?

All advices are welcome :-).

Best regards,

More information about the openssl-users mailing list