
Allow ChaCha20 type ciphers to avoid crippling servers without AES hardware acceleration #903

Open
fakuivan opened this issue Aug 4, 2021 · 3 comments

Comments

@fakuivan
Contributor

fakuivan commented Aug 4, 2021

The ChaCha20 family of ciphers is not considered insecure, and is an order of magnitude more efficient on servers that do not provide hardware acceleration for AES encryption (like all the Raspberry Pi models). WireGuard uses this cipher; it has been thoroughly analyzed and is considered to be secure, so I see no reason why ChaCha20 should not be added to this list:

    protected String[] getCipherList() {
        // only allow ciphers which are still considered secure.
        // based on:
        // https://briansmith.org/browser-ciphersuites-01.html
        String[] preferredCiphers;
        // Android up to 2.2 use other names
        if (Build.VERSION.SDK_INT <= 8) {
            preferredCiphers = new String[] {
                "DHE-RSA-AES128-SHA",
                "DHE-RSA-AES256-SHA",
                "DHE-DSS-AES128-SHA",
                "AES128-SHA",
                "AES256-SHA"
            };
        } else {
            preferredCiphers = new String[] {
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
                "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
                // backward compatibility. offers no forward security.
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "TLS_RSA_WITH_AES_256_CBC_SHA",
                // RFC 5746
                "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
            };
        }
        // return the list so callers can pass it to setEnabledCipherSuites()
        return preferredCiphers;
    }

This could be a massive performance buff for Raspberry Pi 4s running Seafile with HTTPS on a gigabit LAN.

Link to this topic in the forums:
https://forum.seafile.com/t/use-chacha-encryption-algorithms-instead-of-aes-for-https/14201/5

@fakuivan
Contributor Author

fakuivan commented Aug 6, 2021

I'll suggest this source for filtering out insecure cipher suites: https://wiki.mozilla.org/Security/Server_Side_TLS. It includes ChaCha20, even for very stringent security requirements.
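As an added example (not seadroid's code), here is how a client-side preference list that includes the ChaCha20-Poly1305 suites, in the spirit of the list in the opening post and the Mozilla recommendations above, can be built and intersected with what the runtime actually supports before it is enabled. The class name, the suite ordering and the use of a plain JSSE socket are assumptions for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class ChaChaCipherList {
    // Hypothetical preferred list (not seadroid's): forward-secret AEAD suites,
    // with ChaCha20-Poly1305 alongside AES-GCM so a server without AES hardware
    // acceleration can select it. Names are the standard IANA/JSSE suite names.
    static final String[] PREFERRED = {
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",  // RFC 5746, kept from the existing list
    };

    // Keep only suites this runtime supports, preserving our preference order.
    // setEnabledCipherSuites() throws IllegalArgumentException for any name the
    // provider does not know, which a runtime lacking the ChaCha20 suites would
    // do for the entries above, so filter before enabling.
    static String[] filterSupported(String[] preferred, String[] supported) {
        Set<String> available = new HashSet<>(Arrays.asList(supported));
        List<String> enabled = new ArrayList<>();
        for (String suite : preferred) {
            if (available.contains(suite)) {
                enabled.add(suite);
            }
        }
        return enabled.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLSocket socket = (SSLSocket) SSLContext.getDefault()
                .getSocketFactory().createSocket();   // unconnected socket
        String[] enabled = filterSupported(PREFERRED, socket.getSupportedCipherSuites());
        socket.setEnabledCipherSuites(enabled);
        for (String suite : socket.getEnabledCipherSuites()) {
            System.out.println(suite);
        }
        socket.close();
    }
}
```

TLS 1.3 defines its own suite names (for example TLS_CHACHA20_POLY1305_SHA256), so a list meant to cover TLS 1.3 as well needs those entries in addition to the ECDHE ones shown.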

@fakuivan
Contributor Author

Unfortunately this was not enough to fix the issue: Seadroid seems unable to parse the certificate or get any of its parameters, thus it prompts me to authorize this "unknown" certificate. The default Android certificate store is able to handle connections using these ciphers, as Google Chrome and Firefox do not have any problems connecting to the site, so we should check the custom logic that has been put into Seadroid to handle certificate exceptions for things like self-signed certs and make sure it is also compatible.

Here's a screenshot (Spanish) of what this error looks like:

[Screenshot: IMG_20210830_001045.jpg]

@AlbertWeichselbraun

Adding TLS 1.3 support to the app should fix this. There is even a corresponding pull request available (#913), that would fix the problem once it gets merged.

2 participants