Primary eng (and PM) emails
Remove pre-standard variants of ChaCha20-Poly1305 cipher suites for Chrome 58 (after the current release branches).
In 2013, Chrome 31 deployed new TLS cipher suites based on Prof. Dan Bernstein's ChaCha20 and Poly1305 algorithms. These was later standardized, with small tweaks, at the IETF as RFC 7539 and RFC 7905. We shipped the standardized variant early in 2016 with Chrome 49.
Compatibility And Interoperability Risk
Negligible compatibility risk. Only Chromium-based browsers ever implemented the pre-standard variant. TLS parameters are negotiated, so any remaining servers still selecting those ciphers would pick a different cipher suite, likely one based on AES-GCM which we also consider secure. The pre-standard variants were also never shipped by any official releases of commonly-used server software like OpenSSL.
Alternative implementation suggestion for web developers
Use the standardized variant, or AES-GCM.
Usage information from UseCounter
1% of TLS connections from Chrome use these ciphers, compared to 26% which use the standardized ones. Note that those 1% of servers will all simply fall back to another cipher suite. Other browsers did not ship these ciphers.
OWP launch tracking bug
Entry on the feature dashboard
Requesting approval to remove too?
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to email@example.com.