In recent years, Google, Baidu, Facebook and other internet giants have vigorously rolled out HTTPS, and many large internet companies at home and abroad have also enabled full-site HTTPS. Google also launched a new cipher suite, ChaCha20-Poly1305, optimized for mobile. Pat Cloud CDN now fully supports the mobile-optimized cipher suite launched by Google, ChaCha20-Poly1305. On the cloud platform, all CDN use
Anyone who follows JDK development or Oracle knows that JDK 11 entered Rampdown Phase One at the end of June, at which point all new features of JDK 11 were frozen and no new JEPs will be added. Since some recent posts about the DES, 3DES and AES algorithms have been written, it is very interesting to note that one of the 17 new JEPs included in JDK 11 is the ChaCha20 and Poly1305 encryption algorithms.
The current version, OpenSSL 1.0.2j, does not support Google's ChaCha20 encryption algorithm. The ChaCha20 encryption algorithm is safer than RC4, and is optimized for ARM-based mobile phones, making it faster and more power-saving. However, the latest Intel processors and ARMv8 processors are optimized for AES-GCM encryption algorithms through the AES-NI instruction set, which is much faster t
JDK libraries.
Update the Platform API to support Unicode version 10.0, so Java keeps up with the trend. The following classes are expected to support it:
Character and String in the lang package
NumericShaper in the awt.font package
Bidi, BreakIterator, and Normalizer in the text package
Implement the ChaCha20 and Poly1305 encryption algorithms. ChaCha20 is a relatively new stream encryption algorithm, which can repla
Selection
The cipher suite (CipherSuite) is an important parameter negotiated in the SSL handshake. The client sends its list of supported CipherSuites in the Client Hello, and the server selects one from that list and returns it in the Server Hello. If the CipherSuite list supported by the client does not overlap with the CipherSuite list configured on the server, negotiation cannot be completed and the handshake fails.
A CipherSuite combines multiple technologies, such as an authentication algorithm, an encryption algorithm,
Google has recently accelerated the browsing of secure pages on the Android platform by controlling both the browser and the sites it accesses. Elie Bursztein, head of Google's Anti-Abuse research team, said in a Thursday blog post that Google has launched faster new encryption algorithms. These two cryptographic algorithms, named ChaCha20 and Poly1305, have been added to the Chrome browser.
"ChaCha20 and Poly1305 will app
of IANA.
You can run the following command to view all the CipherSuite supported by the OpenSSL Library:
openssl ciphers -V | column -t
0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
... ...
0xCC,0x14 is the number of the CipherSuite, which is used in the SSL handshake. ECDHE-ECDSA-CHACHA20-POLY1305 is its name, af
something to lose. HTTPS, while increasing the security of the site, also increases the time users take to access the site and the performance cost on the server. Let's look at some of the problems that HTTPS faces.
The multiple handshakes of HTTPS reduce user access speed to some extent
After a site has switched to HTTPS, redirecting from HTTP to HTTPS increases user access time (most sites use 301 or 302 redirects)
HTTPS involves a security algorithm that consumes CPU resources a
SSL3 are discarded.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Second, it is recommended to enable ssl_prefer_server_ciphers, which tells Nginx to prefer the server's algorithms in the TLS handshake, so that the server rather than the client chooses the algorithm:
ssl_prefer_server_ciphers on;
Then, choose the optimal cipher suites and their order of precedence; for specifics refer to Mozilla's https://wiki.mozilla.org/Security/Server_Side_TLS. Preference is given to algorithms that support forward secrecy and are prioritized
the website supports it after enabling HTTP/2? In Chrome/Firefox you can install the HTTP/2 and SPDY indicator extension: if the site supports HTTP/2 the icon is automatically displayed in blue, and in gray if it is not supported. In addition, Chrome 51 and later require ALPN support; otherwise the connection is downgraded to HTTP/1.1.
OpenSSL version
ALPN requires OpenSSL 1.0.2; the current OneinStack version already supports OpenSSL 1.0.2, and you can run nginx -V to check.
Nginx HTTPS optimization
On the V2 to see a use
/your_acl_rule.conf;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate ssl/fandenggui.com.pem;
ssl_certificate_key ssl/fandenggui.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-
configuration of pixcar
Because pixcar must support HTTP, HTTPS and HTTP/2, the specific configuration is adapted from Mozilla's best practices.
server_name pixcargoluk.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-
message with a password and sends it to the browser;
5. Finally, the browser decrypts the handshake message and computes its hash; if it is consistent with the hash sent by the server, the handshake process is finished, and the server and browser then encrypt data using the random password generated by the browser and the symmetric encryption algorithm.
HTTPS Handshake Process
HTTPS Encryption algorithm
To protect data security, HTTPS uses a number of cryptographic algorithms:
1
Default.backup
Backing up the Nginx web site configuration file
4. Then, create a new default file with a text editor and enter the following:
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    root /var/www/html;
    index index.html index.htm index.php;
    server_name 192.168.1.13;
    location / {
        try_files $uri $uri/ =404;
    }
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_protocols TLSv
objs/nginx /usr/local/nginx/sbin
nginx -V 2>&1 | grep -o ngx_cache_purge # if ngx_cache_purge is displayed, the installation succeeded
2. Nginx Configuration
It is recommended that fastcgi_cache_path be placed on tmpfs in memory; the tmpfs path differs between operating systems, as follows:
CentOS: /dev/shm
Ubuntu and Debian: /run/shm
Modify the Nginx virtual host configuration file /usr/local/nginx/conf/vhost/blog.linuxeye.com.conf:
The code is as follows:
fastcgi_cache_path /dev/shm/nginx-cache