Use ChaCha only if prioritized by clnt

IFF the client has ChaCha first, and server cipher priority is used, and the new SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE option is used, then reprioritize ChaCha above everything else. This way, A matching ChaCha cipher will be selected if there is a match. If no ChaCha ciphers match, then the other ciphers are used. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4436)
author: Todd Short <tshort@akamai.com> 2015-12-21 15:19:29 -0500
committer: Pauli <paul.dale@oracle.com> 2017-11-30 07:13:08 +1000
commit: e1c7871de80029b81824df4d59edc6de5293835f (patch)
tree: 8b5e34751cbc70493dbbb36cddaf7f85cd943ccd /include
parent: 92b1b9a8871530f26ef7df972111297ffa721be2 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 176425a61d..a5251b59cc 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -338,6 +338,9 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000U
 /* Disable encrypt-then-mac */
 # define SSL_OP_NO_ENCRYPT_THEN_MAC                      0x00080000U
+/* Prioritize Chacha20Poly1305 when client does.
+ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
+# define SSL_OP_PRIORITIZE_CHACHA                        0x00200000U
 /*
  * Set on servers to choose the cipher according to the server's preferences
  */
author	Todd Short <tshort@akamai.com>	2015-12-21 15:19:29 -0500
committer	Pauli <paul.dale@oracle.com>	2017-11-30 07:13:08 +1000
commit	e1c7871de80029b81824df4d59edc6de5293835f (patch)
tree	8b5e34751cbc70493dbbb36cddaf7f85cd943ccd /include
parent	92b1b9a8871530f26ef7df972111297ffa721be2 (diff)