ChaCha20-Poly1305 is faster than AES when implemented in software (i.e. where AES is not accelerated in hardware with e.g. AES-NI capable CPUs).
I think the GL iNet range of mini-routers are probably a good match for ChaCha20-Poly1305, but the bundled OpenVPN seems to be built using OpenSSL 1.0.2, which doesn’t support Cha Cha etc.
Would it be possible to build OpenVPN with OpenSSL 1.1.0 please, to enable such extra ciphers?
Will check openvpn and openssl update and hopefully to have these in next release.
Any word on this?
On my Mudi, it still throws an error if I use TLS-Ciphers ‘ECDHE-RSA-CHACHA20-POLY1305’. The error says that the OpenSSL version is 1.0.2.
library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
OpenSSL: error:1410D0B9:lib(20):func(269):reason(185)
Failed to set restricted TLS cipher list: ECDHE-RSA-CHACHA20-POLY1305
Exiting due to fatal error