Bug 1373160

Summary: chacha20-poly1305 in openssl
Product: Red Hat Enterprise Linux 7
Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 7.4
CC: mpoole, szidek
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-11-28 16:37:00 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Bug Depends On:
Bug Blocks: 1373157

Description Nikos Mavrogiannopoulos 2016-09-05 11:35:20 UTC
The CHACHA20-POLY1305 algorithm is specified in RFC 7539, and is being adopted by TLS 1.3 and IPsec (RFC 7634). It is becoming the de facto backup algorithm for AES-GCM (implemented in all major browsers), and is being included in all major crypto libraries.

We should include chacha20-poly1305 in RHEL7 when possible.

Comment 1 Tomas Mraz 2016-09-05 11:45:12 UTC
chacha20-poly1305 is not present in the openssl 1.0.2 branch. Rebasing to 1.1.0 is impossible, and that means the chacha20-poly1305 support would have to be backported. It would be severely non-trivial and I do not think this is feasible for 7.4. We might consider the backport for a future RHEL-7 update if there is strong customer demand.

Comment 4 Tomas Mraz 2017-11-28 16:36:55 UTC
The chachapoly support is not going to be included in openssl-1.0.2.

Comment 5 Red Hat Bugzilla Rules Engine 2017-11-28 16:37:00 UTC
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.