Hello, I also thank you. It was useful to. Best regards. benoist Le 27/12/2016 à 17:38, Jeffrey Walton wrote : >> I have two servers for testing purpose : >> - debian 6, apache 2.2, openssl 1.0.1t (mutu) >> - centos 7, apache 2.4.6, openssl 1.0.1e-fips (dedicated) >> >> Now, these 2 serveurs offers only those ciphers : >> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) >> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) >> >> I have two goals. First, I would like to use at least secp384r1 >> and second (no problem), use an ECC certificate. >> >> Is it possible to do it with CHACHA20-POLY1305 ? >> Is it possible to use this cipher on those servers ? > > You need OpenSSL 1.1.0 or above for ChaCha20/Poly1305: > > $ openssl version > OpenSSL 1.1.0b 26 Sep 2016 > > $ openssl ciphers | tr ':' '\n' | grep -i chacha > ECDHE-ECDSA-CHACHA20-POLY1305 > ECDHE-RSA-CHACHA20-POLY1305 > DHE-RSA-CHACHA20-POLY1305 > RSA-PSK-CHACHA20-POLY1305 > DHE-PSK-CHACHA20-POLY1305 > ECDHE-PSK-CHACHA20-POLY1305 > PSK-CHACHA20-POLY1305 > > Jeff > -- benoist -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
