Allow ChaCha20 type ciphers to avoid crippling servers without AES hardware acceleration

[fakuivan]

The chacha20 family of ciphers are not considered insecure, and are an order of magnitude more efficient on servers that do not provide hardware acceleration for AES encryption (like all the raspberry pi models). Wireguard uses this cipher, it has been thoroughly analyzed and considered to be secure, so I see no reason why ChaCha20 should not be added to this list:

seadroid/app/src/main/java/com/seafile/seadroid2/ssl/SSLSeafileSocketFactory.java

Lines 112 to 148 in da6bc0c

	protected String[] getCipherList() {
	// only allow ciphers which are still considered secure.
	// based on:
	// https://briansmith.org/browser-ciphersuites-01.html
	String[] preferredCiphers;
	// Android up to 2.2 use other names
	if (Build.VERSION.SDK_INT <= 8) {
	preferredCiphers = new String[] {
	"DHE-RSA-AES128-SHA",
	"DHE-RSA-AES256-SHA",
	"DHE-DSS-AES128-SHA",
	"AES128-SHA",
	"AES256-SHA"
	};
	} else {
	preferredCiphers = new String[] {
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
	"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
	// backward compatibility. offers no forward security.
	"TLS_RSA_WITH_AES_128_CBC_SHA",
	"TLS_RSA_WITH_AES_256_CBC_SHA",
	// RFC 5746
	"TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
	};
	}

This could be a massive performance buff for Raspberry Pi 4s running seafile with https on a gigabit lan.

Link to this topic in the forums:
https://forum.seafile.com/t/use-chacha-encryption-algorithms-instead-of-aes-for-https/14201/5

[fakuivan]

I'll suggest this source for filtering out insecure cipher suites https://wiki.mozilla.org/Security/Server_Side_TLS, It includes ChaCha20, even for very stringent security requirements.

[fakuivan]

Unfortunately this was not enough to fix the issue, seadroid seems to not be able to parse the certificate or get any of its parameters thus it prompts me to authorize this "unknown" certificate. The default android certificate store is able to handle connections using these ciphers, as google chrome and Firefox do not have any problems connecting to the site, so we should check on the custom logic that has been put into seadroid to handle certificate exceptions for things like self signed certs and make sure those are also compatible.

Here's a screenshot (Spanish) if what this error looks like:

[AlbertWeichselbraun]

Adding TLS 1.3 support to the app should fix this. There is even a corresponding pull request available (#913), that would fix the problem once it gets merged.