diff options
| author | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2013-11-21 16:34:44 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2013-11-21 16:34:44 +0000 |
| commit | f50952b0ae7fde883e66289d6629ee625f292df2 (patch) | |
| tree | e7ffe5ce5137d5f192c716d322c226a28f9dd603 /openssl/ssl | |
| parent | 74e3032cd121a9275486e6b5653da87b3285cf7d (diff) | |
| download | openssl-f50952b0ae7fde883e66289d6629ee625f292df2.tar.gz | |
OpenSSL: prefer ChaCha20 ciphersuites.
ChaCha20 is safe and fast on all hardware, while AES-GCM is only so when using
hardware support. Google servers will be using the client's preference to
select between ChaCha20 and AES-GCM and this change makes ChaCha the top
preference on Android.
BUG=310768
https://codereview.chromium.org/76823002/
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@236537 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
Diffstat (limited to 'openssl/ssl')
| -rw-r--r-- | openssl/ssl/ssl_ciph.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c index db85b29..cebb18a 100644 --- a/openssl/ssl/ssl_ciph.c +++ b/openssl/ssl/ssl_ciph.c @@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - /* AES is our preferred symmetric cipher */ + /* CHACHA20 is fast and safe on all hardware and is thus our preferred + * symmetric cipher, with AES second. */ + ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); /* Temporarily enable everything else for sorting */ |