Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CHACHA20 not listed #188

Open
agniveshadhikari opened this issue Dec 3, 2021 · 3 comments
Open

CHACHA20 not listed #188

agniveshadhikari opened this issue Dec 3, 2021 · 3 comments

Comments

@agniveshadhikari
Copy link

First I tried just running the cipherscan script on it's own ( I copied just this file from this repo, and ran it).

$ ./cs redacted
...../cs: line 1589: ./cscan.sh: No such file or directory

Target: redacted

prio  ciphersuite                  protocols  pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  npn          pfs
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    2048         sha384WithRSAEncryption  True     None         False        h2,http/1.1  X25519,253bits  None
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    2048         sha384WithRSAEncryption  True     None         False        h2,http/1.1  X25519,253bits  None
3     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2    2048         sha384WithRSAEncryption  True     None         False        h2,http/1.1  X25519,253bits  None

OCSP stapling: not supported
Cipher ordering: server
Curves ordering: unknown - fallback: no
Renegotiation test error
Supported compression methods test error

TLS Tolerance: no
Fallbacks required:
big-SSLv3 config not supported, connection failed
big-TLSv1.0 config not supported, connection failed
big-TLSv1.1 config not supported, connection failed
big-TLSv1.2 config not supported, connection failed
small-SSLv3 config not supported, connection failed
small-TLSv1.0 config not supported, connection failed
small-TLSv1.1 config not supported, connection failed
small-TLSv1.2 config not supported, connection failed
v2-big-TLSv1.2 config not supported, connection failed
v2-small-SSLv3 config not supported, connection failed
v2-small-TLSv1.0 config not supported, connection failed
v2-small-TLSv1.1 config not supported, connection failed
v2-small-TLSv1.2 config not supported, connection failed

Then I cloned the whole repo and ran the same command.

$ ./cipherscan redacted
............
Target: redacted
prio  ciphersuite                  protocols  pfs                 curves
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,secp384r1
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2    ECDH,P-256,256bits  prime256v1,secp521r1,secp384r1

Certificate: trusted, 2048 bits, sha384WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: h2,http/1.1
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes

Intolerance to:
 SSL 3.254           : absent
 TLS 1.0             : PRESENT
 TLS 1.1             : PRESENT
 TLS 1.2             : absent
 TLS 1.3             : absent
 TLS 1.4             : absent

As you can see, CHACHA disappeared from the list. I know CHACHA does work with this server. (Tested with openssl s_client)
@q2dg
Copy link

q2dg commented Nov 24, 2023

Maybe it's because this project seems abandoned...

@tomato42
Copy link
Member

not abandoned, but definitely not actively developed; the listed ciphers depend on the used openssl version. if it doesn't support Chacha20, then the test won't list chacha20 as available

@janbrasna
Copy link

@agniveshadhikari The difference may be related to #179 — using your OpenSSL version vs. the bundled one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tomato42 @janbrasna @q2dg @agniveshadhikari