> I have two servers for testing purpose : > - debian 6, apache 2.2, openssl 1.0.1t (mutu) > - centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated) > > Now, these 2 serveurs offers only those ciphers : > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) > > I have two goals. First, I would like to use at least secp384r1 > and second (no problem), use an ECC certificate. > > Is it possible to do it with CHACHA20-POLY1305 ? > Is it possible to use this cipher on those servers ? You need OpenSSL 1.1.0 or above for ChaCha20/Poly1305: $ openssl version OpenSSL 1.1.0b 26 Sep 2016 $ openssl ciphers | tr ':' '\n' | grep -i chacha ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 RSA-PSK-CHACHA20-POLY1305 DHE-PSK-CHACHA20-POLY1305 ECDHE-PSK-CHACHA20-POLY1305 PSK-CHACHA20-POLY1305 Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
