OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Feature Request
  • Category Website
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Pascal Ernster - 04.05.2019

FS#2267 - downloads.openwrt.org: Upgrade from Debian 8 to 9, offer ChaCha20 TLS ciphersuites

The webserver on downloads.openwrt.org currently only offers AES, Camellia and 3DES ciphersuites for HTTPS connections, since the server is running Debian 8, nginx 1.6.2 and OpenSSL 1.0.1t.

An upgrade to Debian 9 with nginx 1.10.3 and OpenSSL 1.1.0j would be appreciated since this would enable the webserver to offer ChaCha20 ciphersuites, which offer a huge performance increase for embedded devices without AES-NI or similar hardware acceleration for AES.

Pascal Ernster commented on 11.12.2019 12:54

The server seems to have been updated to Debian 9 in the meantime and is thus currently running nginx 1.10.3 with OpenSSL 1.1.0. This software stack supports Chacha20 ciphersuites, it just needs to be configured accordingly.

Unfortunately, the webserver seems still to be using the old, manually configurated "ssl_ciphers" configuration which lacks support for Chacha20 ciphersuites. My suggestion would be to use the configuration from here:

https://ssl-config.mozilla.org/#server=nginx&server-version=1.10.3&config=intermediate&openssl-version=1.1.0l%20

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing