How can we improve the Microsoft Edge developer experience?

Support ChaCha20/Poly1305 cipher suites in Edge/Schannel

ChaCha20/Poly1305 cipher suites are considered as the best stream cipher replacement for the obsolete RC4 stream cipher suites. It's also the only AEAD alternative to AES-GCM cipher suites right now.

It's already supported by Google Chrome, Android and Opera and just recently patch with ChaCha20/Poly1305 landed in OpenSSL library.
https://github.com/openssl/openssl/commit/bd989745b7a4796dceff89d93b6b7ac1561c6227

I think it would be helpful to support it in Schannel and Edge as well.

193 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Martin Suchan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Bernd P commented  ·   ·  Flag as inappropriate

        Maybe this is something new for those who are interested. - as update to my former post.
        I recently have reinstalled a Windows 7 Professional box right using a Windows 7 Pro OEM CD with SP 1 integrated - 64bit Version. It was just to test a newer machine.
        Thereafter applied all Patches - also recommended and optional ones - including all Rollups (and the second "after SP1 Servicepack" (which is the Windows 7 Convenience Rollup from MS)
        and then continued to patch until it had the current status as of July 2018).

        The SSLLabs Client Test
        now reported me one ChaCha20_Poly1305 Suite being supported with IE11 in this
        condition.
        As well, Session Tickets are now supported! (which also wasn't the case earlier on Windows 7)

        While Windows 10 still doesn't support Chacha20 until Build 1709 until now. (evtl. in 1803?)

        Bernd P

      • Anonymous commented  ·   ·  Flag as inappropriate

        An even more general solution would be for Microsoft to expose a .Net interface to add a custom cipher to the cipher suite support for Schannel. So if I had a C# implementation of chacha20/poly1305, or any future cipher algorithm, I would like to be able to implement the generic cipher interface to add support in Schannel for the new algorithm IIS/Edge etc.

      • Bernd P commented  ·   ·  Flag as inappropriate

        I also strongly recommend the Addition of ChaCha20-Poly1305 because recently the AES Suites are the only usable modern Cipher Suites within TLS currently . MS also should consider the removal of 3DES Suites (which have no forward Secrecy) on the medium Haul as well as finally remove RC4 and weaker Algorithms everywhere this is possible. Unluckliy there are still too many Servers around providing NO Forward Secrecy and on TLS 1.0 only so we cannot quit using RSA Suites w/o AEAD for now.

      Feedback and Knowledge Base