From 62693855e8cb88b9432398b3887b7fecd6e50372 Mon Sep 17 00:00:00 2001 From: Colin Sullivan Date: Thu, 5 Jan 2017 11:30:16 -0700 Subject: [PATCH 1/3] Add ChaCha20 ciphers to the default cipher list. --- server/ciphersuites_1.8.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/server/ciphersuites_1.8.go b/server/ciphersuites_1.8.go index 83826423c6b..8c83f2804f8 100644 --- a/server/ciphersuites_1.8.go +++ b/server/ciphersuites_1.8.go @@ -39,6 +39,8 @@ func defaultCipherSuites() []uint16 { tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, } } From 57785c55fbe0c4ff2655cdbbe51a830beca933a0 Mon Sep 17 00:00:00 2001 From: Colin Sullivan Date: Thu, 5 Jan 2017 16:02:04 -0700 Subject: [PATCH 2/3] Bump ChaCha ciphers in preferences --- server/ciphersuites_1.8.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/ciphersuites_1.8.go b/server/ciphersuites_1.8.go index 8c83f2804f8..d22d8e57a51 100644 --- a/server/ciphersuites_1.8.go +++ b/server/ciphersuites_1.8.go @@ -35,12 +35,12 @@ var cipherMap = map[string]uint16{ func defaultCipherSuites() []uint16 { return []uint16{ + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, - tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, } } From c9a28b9fc0b2aa9584123de7bddff19015a8adc8 Mon Sep 17 00:00:00 2001 From: Colin Sullivan Date: Thu, 5 Jan 2017 16:13:44 -0700 Subject: [PATCH 3/3] Reorder based on comments. --- server/ciphersuites_1.8.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/ciphersuites_1.8.go b/server/ciphersuites_1.8.go index d22d8e57a51..6eecb6576b7 100644 --- a/server/ciphersuites_1.8.go +++ b/server/ciphersuites_1.8.go @@ -35,8 +35,8 @@ var cipherMap = map[string]uint16{ func defaultCipherSuites() []uint16 { return []uint16{ - tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,