[TK-496] Add support for CHACHA20 TLS 1.2 ciphers - Puppet Tickets

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Component/s: TrapperKeeper
Labels:
None

Team:
Froyo

QA Risk Assessment:
Needs Assessment

Description

Our cipher suite preferences (which we get from Mozilla) include two cipher suites that we currently don't accept:

TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

As far as we know, these cipher suites are not available for Java 8, but in theory a client preferring these ciphers should be able to fall back if they're unavailable.

If we decide this is a worthwhile investment, we should verify that everything works as expected for Java 8 (i.e. we fall back to an appropriate cipher suite and nothing blows up).

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Molly Waggett

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2021/09/01 3:02 PM

Updated:: 2022/02/03 6:05 AM

Resolved:: 2021/09/15 10:19 AM