Chacha20_Poly1305

Well... at first the previous replies were about AES, which has nothing to do with the part about elliptical curves you quote.

But have a detailed look at their explanation:

NSA has decided that it may be more cost effective for some NSS to continue to use RSA and Diffie-Hellman [...]
NSA does not want to force NSS operators to pay for two cryptographic upgrades: first from RSA/Diffie-Hellman to ECC and then from ECC to quantum resistant cryptography.

So what they are basically saying is: Don't bother about upgrading your system to elliptical curves, rather wait until you can upgrade to quantum-resistant encryption. Otherwise you have to work two times.

This is no argument against ECC! They only argue that large DH keys are not less secure than ECDH. And that's correct. The one argument why you might want to upgrade to ECDHE is speed.
And they also say you can use elliptical curves:

NSA supports the use of NIST P-384 in NSS.

it does affect both but it affects the server more because the server has to deal with more connections at the same time

[quote="rugk, post:40, topic:9592"]
Quantum computers cannot break symmetric encryption!
[/quote]

okay. well the internet is large and many people are talking stuff and sometimes you can't really know what's true.

Indeed. Especially myths about quantum crypto spread very fast. :laughing:

Yes, I kind of lost the thread on this, and was cross-posting from another thread.

but back to chachapoly.
is there some kinda benchmark where someone can test and compare certain types of HTTPS for example RSA 4096+AES GCM vs p521+chachapoly and just see how far the difference in performance is?

I tend to just use Chrome or Firefox and press F12 for Developer Tools, then look at the network timings (where the likes of SSL are separated out). It's fine for a comparative view on a LAN without needing server testing stuff.

As for ChaCha20 you should test whether your server('s CPU) has hardware support for AES. In this case AES is likely faster (on the server side).
See this issue on the Mozilla SSL Config Generator for more information:


It's only anecdotal evidence, but my i5 2500K (aka a 5 year old CPU now) gets about 2.5GBps in the TrueCrypt AES benchmark. I haven't found a good ChaCha benchmark (I'd have thought OpenSSL would have one, but if it does I can't find out how to use it), but I can't imagine it beating that.

That's only part of the story though, you don't know the client's capabilities. Equal preference groups in BoringSSL helps, along with varying the cipher order on the client side, but only Blink does that at the moment (There's a bug for Firefox about doing the same). Or if you only support secure ciphers on the server, you could just disable server preference and let the client have final say.
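The comparison asked about above, as an added example that is not from any poster in this thread: it checks whether the CPU advertises AES instructions and measures bulk throughput of both AEAD ciphers with `openssl speed -evp`. The function names are hypothetical, it assumes an OpenSSL build that includes ChaCha20-Poly1305 (1.1.0 or later), and it measures the cipher only, not the RSA or ECDSA handshake cost.

```shell
#!/bin/sh
# Added example: compare AES-256-GCM and ChaCha20-Poly1305 throughput on this
# machine and report whether the CPU advertises AES instructions.

# cpu_has_aes FILE: succeed if a cpuinfo-style file lists the "aes" CPU flag
# (x86 "flags" line or ARM "Features" line). FILE defaults to /proc/cpuinfo.
cpu_has_aes() {
    grep -E '^(flags|Features)[[:space:]]*:' "${1:-/proc/cpuinfo}" 2>/dev/null |
        grep -qw aes
}

# last_throughput: read `openssl speed -mr` output on stdin and print the
# bytes/second figure for the largest block size (last field of the +F: line).
last_throughput() {
    awk -F: '/^\+F:/ { v = $NF }
             END { if (v == "") exit 1; printf "%.0f\n", v }'
}

# faster_of NAME_A BPS_A NAME_B BPS_B: print the name with the higher figure.
faster_of() {
    awk -v a="$1" -v x="$2" -v b="$3" -v y="$4" \
        'BEGIN { print ((x + 0 >= y + 0) ? a : b) }'
}

# bench CIPHER: run the OpenSSL EVP benchmark and print bytes/second.
bench() {
    openssl speed -mr -evp "$1" 2>/dev/null | last_throughput
}

compare_aeads() {
    if cpu_has_aes; then
        echo "CPU flag 'aes' present"
    else
        echo "no 'aes' CPU flag found"
    fi
    gcm=$(bench aes-256-gcm) || { echo "aes-256-gcm unavailable" >&2; return 1; }
    cc=$(bench chacha20-poly1305) || { echo "chacha20-poly1305 unavailable" >&2; return 1; }
    echo "aes-256-gcm:       $gcm bytes/s"
    echo "chacha20-poly1305: $cc bytes/s"
    echo "faster here: $(faster_of aes-256-gcm "$gcm" chacha20-poly1305 "$cc")"
}

# Run the benchmark only when asked: sh aead-bench.sh --run
if [ "${1:-}" = "--run" ]; then compare_aeads; fi
```

The result describes the server side only; a client without AES hardware can still be faster with ChaCha20-Poly1305.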

Just successfully tested Nginx 1.11.3 with OpenSSL 1.1.0-pre6 with nginx patch https://community.centminmod.com/posts/34431/ :slight_smile:

nginx -V
nginx version: nginx/1.11.3
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with OpenSSL 1.1.0-pre6 (beta) 4 Aug 2016
TLS SNI support enabled
configure arguments: --with-ld-opt='-ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion -Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_secure_link_module --with-openssl-opt=enable-tlsext --add-module=../nginx-module-vts --with-libatomic --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_gzip_static_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.30 --add-module=../echo-nginx-module-0.59 --add-module=../redis2-nginx-module-0.13 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.17 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.30 --with-pcre=../pcre-8.39 --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.0-pre6

chacha20

openssl ciphers -V "ALL:COMPLEMENTOFALL" | grep -i chacha
          0xCC,0xA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xA8 - ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAA - DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAE - RSA-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=RSAPSK   Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAD - DHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=DHEPSK   Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAC - ECDHE-PSK-CHACHA20-POLY1305 TLSv1.2 Kx=ECDHEPSK Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD
          0xCC,0xAB - PSK-CHACHA20-POLY1305   TLSv1.2 Kx=PSK      Au=PSK  Enc=CHACHA20/POLY1305(256) Mac=AEAD

BTW you might change -fstack-protector to -fstack-protector-strong. It is just well… stronger. :smiley:
(I think Debian compiles nginx by default with the strong FStack protector)


Thanks for the tip :slight_smile:

Will have to look up if GCC 4.4.7, 4.8.5, 4.9.1 and Clang 3.4.2 support it for CentOS 6 and 7

edit: GCC 4.8.5 works but Clang 3.4.2 failed on CentOS 7

nginx -V
nginx version: nginx/1.11.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with LibreSSL 2.4.2
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g -O3 -fstack-protector-strong --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module --with-http_secure_link_module --add-module=../nginx-module-vts --with-libatomic --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_gzip_static_module --add-dynamic-module=../ngx_pagespeed-release-1.11.33.3-beta --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0 --add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0 --add-module=../set-misc-nginx-module-0.31 --add-module=../echo-nginx-module-0.60 --add-module=../redis2-nginx-module-0.13 --add-module=../ngx_http_redis-0.3.7 --add-module=../lua-nginx-module-0.10.6 --add-module=../memc-nginx-module-0.17 --add-module=../srcache-nginx-module-0.31 --add-module=../headers-more-nginx-module-0.31 --with-pcre=../pcre-8.39 --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-openssl=../libressl-2.4.2