- Status Unconfirmed
- Percent Complete
- Task Type Feature Request
- Category Website
- Assigned To No-one
- Operating System All
- Severity Low
- Priority Very Low
- Reported Version Trunk
- Due in Version Undecided
-
Due Date
Undecided
- Private
FS#2267 - downloads.openwrt.org: Upgrade from Debian 8 to 9, offer ChaCha20 TLS ciphersuites
The webserver on downloads.openwrt.org currently only offers AES, Camellia and 3DES ciphersuites for HTTPS connections, since the server is running Debian 8, nginx 1.6.2 and OpenSSL 1.0.1t.
An upgrade to Debian 9 with nginx 1.10.3 and OpenSSL 1.1.0j would be appreciated since this would enable the webserver to offer ChaCha20 ciphersuites, which offer a huge performance increase for embedded devices without AES-NI or similar hardware acceleration for AES.
The server seems to have been updated to Debian 9 in the meantime and is thus currently running nginx 1.10.3 with OpenSSL 1.1.0. This software stack supports Chacha20 ciphersuites, it just needs to be configured accordingly.
Unfortunately, the webserver seems still to be using the old, manually configurated "ssl_ciphers" configuration which lacks support for Chacha20 ciphersuites. My suggestion would be to use the configuration from here:
https://ssl-config.mozilla.org/#server=nginx&server-version=1.10.3&config=intermediate&openssl-version=1.1.0l%20