Index: openssl/ssl/ssl_ciph.c |
diff --git a/openssl/ssl/ssl_ciph.c b/openssl/ssl/ssl_ciph.c |
index db85b29bedb15dcbd99cf8ab9200fb10887a1250..cebb18a8ae51778fdbe4b58a2eb8b249caf10c89 100644 |
--- a/openssl/ssl/ssl_ciph.c |
+++ b/openssl/ssl/ssl_ciph.c |
@@ -1442,7 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, |
ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); |
- /* AES is our preferred symmetric cipher */ |
+ /* CHACHA20 is fast and safe on all hardware and is thus our preferred |
+ * symmetric cipher, with AES second. */ |
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); |
/* Temporarily enable everything else for sorting */ |