Index: openssl/patches/chacha20poly1305.patch |
diff --git a/openssl/patches/chacha20poly1305.patch b/openssl/patches/chacha20poly1305.patch |
index 4f7845edafbd0469512d9bf069d77f66ca8d1b47..c922e0e6ef493c3b8f4eb7bc4e467c727b17d95a 100644 |
--- a/openssl/patches/chacha20poly1305.patch |
+++ b/openssl/patches/chacha20poly1305.patch |
@@ -48,6 +48,21 @@ Add support for Chacha20 + Poly1305. |
create mode 100644 crypto/poly1305/poly1305_vec.c |
create mode 100644 crypto/poly1305/poly1305test.c |
+diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c |
+index db85b29..cebb18a 100644 |
+--- a/ssl/ssl_ciph.c |
++++ b/ssl/ssl_ciph.c |
+@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
+ |
+- /* AES is our preferred symmetric cipher */ |
++ /* CHACHA20 is fast and safe on all hardware and is thus our preferred |
++ * symmetric cipher, with AES second. */ |
++ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
+ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
+ |
+ /* Temporarily enable everything else for sorting */ |
diff --git a/Configure b/Configure |
index 9c803dc..1b95384 100755 |
--- a/Configure |