This https://tools.ietf.org/html/rfc7539 is the definition of CHACHA20_POLY1305, it has nothing todo with Elliptic Curve.
Also there is an older draft that is the reason there are two sets of cipher suites. One now called old and an RFC conformant. That use different AEAD construction.
1 Like
thanks for heads up.. was wondering why dev.ssllabs.com reports OLD prefix in front of chacha20_poly1305. I am using LibreSSL 2.2.5 with Nginx 1.9 for chacha20_poly1305 support
looks like i need to start looking at LibreSSL 2.3.2 https://github.com/libressl-portable/portable/commit/d7317353a98930650711fa94c6110b16f191d4f2
* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
construction introduced in RFC 7539, which is different than that
already used in TLS with EVP_aead_chacha20_poly1305()
2 Likes
Iām also on LibreSSL ā¦ however, Iād keep an eye on OpenSSL 1.1 as theyāre in the process of releasing a version with proper chacha20_poly1305 support according to https://www.openssl.org/news/openssl-1.1.0-notes.html
1 Like
You can try cloudflare patch, it works fine with openssl 1.0.2
adds only chacha20 poly1305
1 Like
ah almost forgot, just patched OpenSSL 1.0.2f as well as my Nginx stack can switch between LibreSSL 2.2.6 and OpenSSL 1.0.2f https://community.centminmod.com/threads/update-openssl-1-0-2-cloudflare-patch-for-chacha20_poly1305-support.5925/ 
Hi @eva2000, just to be the one to disappoint you: I just installed libressl-2.3.2 and found the available chacha20_poly1305 to use the old IDs 0xcc13ā0xcc15 instead of 0xcca8ā0xccaa.
$ openssl version
LibreSSL 2.3.2
$ openssl ciphers -V CHACHA20
0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEAD
0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEADyeah same here tried 2.3.2 and it has yet to merge or commit the newer chacha20_poly1305 in yet 
@ecdsa-chacha20 LibreSSL 2.3.2 is official out now http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.2-relnotes.txt but if according to your ID info still old ?
openssl ciphers -V CHACHA20
0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEAD
0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEAD
Hi, yes these 3 types are the old non rfc version.
The new one are:
āTLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256ā , 0xCCa8
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" , 0xCCa9
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305" , 0xCCAA
1 Like
There are two Differences:
one is the calculation of the poly tag:
RFC : Poly1305( 16BytePadded(aad) , 16BytePadded(data) , 64bit(aad.length), 64bit(data.length) )
DRAFT: Poly1305( aad , 64bit(aad.length) , data , 64bit(data.length) )
And the other is different nonce initialization.
1 Like
Hi, im running nginx 1.9.12 with LibreSSL 2.3.2 and also get these three old Suites when typing in:
$ openssl ciphers -V CHACHA20 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEAD 0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEAD
Could there be any changes in telling nginx to use the new Ciphers by adding different Parameters in the nginx config files?
@Henrock, no way. Itās not nginx to know ciphers, itās the SSL library. Additionally, the new ciphers are a little different than the one LibreSSL 2.3.2 supports. So either switch to OpenSSL 1.1 or wait for the LibreSSL guys to catch up.
1 Like
@ecdsa-chacha20 Haha, i know itās not nginx that includes these ciphers, i only meant that maybe there is a parameter to set in cfg of nginx to activate the ssl libraries newer ChaCha20-Poly1305 Ciphersā¦
But anyways, thank you.
CloudFlare has a new patch for OpenSSL 1.0.2g with the old Ɣnd new ChaChaPolysomething Works like a charm on my server, when I edited the patch a little bit.
BTW OpenSSL 1.1.0 also adds ChaCha20-Poly1305 support (among support for x25519 and such stuff). However it is in betaā¦
And the Cloudflare patch for OpenSSL 1.0.2 is - unfortunately - outdated as the latest release (which fixes some security issues) is OpenSSL 1.0.2h.
Compiles semi-fine on my Gentoo systemā¦ Iāve got an extra patch for the Makefile, because it would fail otherwise: https://gist.github.com/osirisinferi/60c1a2e8bff6df464ba12fd45f6ed0c1
And Iāve moved one line in the original patch:
osiris@server openssl $ diff /tmp/original-chacha-patch-from-cloudflare.patch openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch
4433a4434
> + poly1305_state poly_state;
4438d4438
< + poly1305_state poly_state;
osiris@server openssl $
In the original patch the line above is on line 4438, but I moved it to line number 4434 (just outside the #ifdef):
+ uint16_t poly_buffer_used;
+ uint16_t chacha_used;
+ poly1305_state poly_state;
+#ifdef CHAPOLY_x86_64_ASM
+ void (*poly1305_init_ptr)(poly1305_state *, const uint8_t *);
As far as I know, it doesnāt give any new bugs 
Also, I donāt know if this fixes anything on your system or if itās really neededā¦ I donāt know why the #ifdef CHAPOLY_x86_64_ASM isnāt triggered on my system (itās a 64 bits system Ć”nd Iām compiling it with assembler code supportā¦ Perhaps some Gentoo specific flukeā¦)
1 Like
yeah i switched back to LibreSSL 2.3 for my nginx LEMP stack installs for now
Iāve been running OpenSSL 1.1.0 pre 3 and 4 (and now 5) (from https://openssl.org/source/) on one production server for the last few weeks and for ānormalā webserver usage (apache+php+mysql) it seems to work fine, also with the ChaCha20-Poly1305 ciphersuites.