You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The webserver on downloads.openwrt.org currently only offers AES, Camellia and 3DES ciphersuites for HTTPS connections, since the server is running Debian 8, nginx 1.6.2 and OpenSSL 1.0.1t.
An upgrade to Debian 9 with nginx 1.10.3 and OpenSSL 1.1.0j would be appreciated since this would enable the webserver to offer ChaCha20 ciphersuites, which offer a huge performance increase for embedded devices without AES-NI or similar hardware acceleration for AES.
The text was updated successfully, but these errors were encountered:
The server seems to have been updated to Debian 9 in the meantime and is thus currently running nginx 1.10.3 with OpenSSL 1.1.0. This software stack supports Chacha20 ciphersuites, it just needs to be configured accordingly.
Unfortunately, the webserver seems still to be using the old, manually configurated "ssl_ciphers" configuration which lacks support for Chacha20 ciphersuites. My suggestion would be to use the configuration from here:
hardfalcon:
The webserver on downloads.openwrt.org currently only offers AES, Camellia and 3DES ciphersuites for HTTPS connections, since the server is running Debian 8, nginx 1.6.2 and OpenSSL 1.0.1t.
An upgrade to Debian 9 with nginx 1.10.3 and OpenSSL 1.1.0j would be appreciated since this would enable the webserver to offer ChaCha20 ciphersuites, which offer a huge performance increase for embedded devices without AES-NI or similar hardware acceleration for AES.
The text was updated successfully, but these errors were encountered: