@@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
static const int default_ciphersuites_server[] =
{
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
AES_CIPHERS(ECDHE_ECDSA),
+ MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
AES_CIPHERS(ECDHE_RSA),
AES_CIPHERS(RSA),
0
@@ -102,8 +104,11 @@ static const int default_ciphersuites_server[] =
static const int default_ciphersuites_client[] =
{
+ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
AES_CIPHERS(ECDHE_ECDSA),
+ MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
AES_CIPHERS(ECDHE_RSA),
+ MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
AES_CIPHERS(DHE_RSA),
MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
AES_CIPHERS(RSA),
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. These ciphersuites were added in mbedtls v2.12.0, our current version, so we may add them to the ustream-ssl ciphersuite list. They were already part of the list for openssl and wolfssl. Chacha20-Poly1305 is a 256-bit cipher with AEAD, much faster than AES on CPUs without special AES instructions (the case for most embedded chips). Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>