ustream-ssl: mbedtls: use chacha-poly ciphersuites

These ciphersuites were added in mbedtls v2.12.0, so we may add them to the ustream-ssl ciphersuite list. They were already part of the list for openssl and wolfssl. Chacha20-Poly1305 is a 256-bit cipher with AEAD, much faster than AES on CPUs without special AES instructions (the case for most embedded chips). Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
author: Eneas U de Queiroz 2018-08-01 13:59:13 +0000
committer: Felix Fietkau 2019-06-24 14:29:27 +0000
commit: 738e8d2489fc64f782affd1292388c66f6d69e82 (patch)
tree: 81df70afcb9b13dee3888fce7e9913467d1ea2b5
parent: 23a3f2830341acd1db149175baf7315a33bd0edb (diff)
download: ustream-ssl-738e8d2489fc64f782affd1292388c66f6d69e82.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index 347c600..b7d7629 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -94,7 +94,9 @@ static int _urandom(void *ctx, unsigned char *out, size_t len)
 
 static const int default_ciphersuites_server[] =
 {
+	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_ECDSA),
+	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_RSA),
 	AES_CIPHERS(RSA),
 	0
@@ -102,8 +104,11 @@ static const int default_ciphersuites_server[] =
 
 static const int default_ciphersuites_client[] =
 {
+	MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_ECDSA),
+	MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(ECDHE_RSA),
+	MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	AES_CIPHERS(DHE_RSA),
 	MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
 	AES_CIPHERS(RSA),
author	Eneas U de Queiroz	2018-08-01 13:59:13 +0000
committer	Felix Fietkau	2019-06-24 14:29:27 +0000
commit	738e8d2489fc64f782affd1292388c66f6d69e82 (patch)
tree	81df70afcb9b13dee3888fce7e9913467d1ea2b5
parent	23a3f2830341acd1db149175baf7315a33bd0edb (diff)
download	ustream-ssl-738e8d2489fc64f782affd1292388c66f6d69e82.tar.gz