Support ChaCha20/Poly1305 cipher suites in Edge/Schannel
ChaCha20/Poly1305 cipher suites are considered the best stream cipher replacement for the obsolete RC4 stream cipher suites. It's also the only AEAD alternative to AES-GCM cipher suites right now.
It's already supported by Google Chrome, Android and Opera, and just recently a patch with ChaCha20/Poly1305 landed in the OpenSSL library.
I think it would be helpful to support it in Schannel and Edge as well.
Bernd P commented
Maybe this is something new for those who are interested, as an update to my former post.
I recently reinstalled a Windows 7 Professional box using a Windows 7 Pro OEM CD with SP1 integrated (64-bit version). It was just to test a newer machine.
Thereafter I applied all patches, including the recommended and optional ones and all rollups (including the second "after SP1 service pack", which is the Windows 7 Convenience Rollup from MS), and then continued to patch until it had the current status as of July 2018.
The SSLLabs Client Test now reported to me one ChaCha20_Poly1305 suite being supported with IE11 in this
Session Tickets are now supported as well (which also wasn't the case earlier on Windows 7)!
Meanwhile, Windows 10 still doesn't support ChaCha20 up to Build 1709 as of now (possibly in 1803?).
An even more general solution would be for Microsoft to expose a .NET interface to add a custom cipher to the cipher suite support for Schannel. So if I had a C# implementation of ChaCha20/Poly1305, or any future cipher algorithm, I would like to be able to implement the generic cipher interface to add support in Schannel for the new algorithm for IIS/Edge etc.
Bernd P commented
I also strongly recommend the addition of ChaCha20-Poly1305, because currently the AES suites are the only usable modern cipher suites within TLS. MS should also consider the removal of 3DES suites (which have no forward secrecy) in the medium term, as well as finally removing RC4 and weaker algorithms everywhere this is possible. Unluckily there are still too many servers around providing NO forward secrecy and on TLS 1.0 only, so we cannot quit using RSA suites w/o AEAD for now.
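Since several posts above ask which suites a given Windows build actually enables (ChaCha20/Poly1305, AEAD, forward secrecy, leftover RC4/3DES), here is an added example, not from this thread or from Microsoft, that audits the local Schannel cipher suite list with the real Get-TlsCipherSuite cmdlet (Windows 10 / Server 2016 and later). The classification by suite name and the function name Get-SchannelSuiteReport are this example's own assumptions.

```powershell
# Added example: group the cipher suites Schannel enables on this host by the
# properties discussed in the thread. Requires the TLS module (Windows 10 /
# Server 2016+). Classification keys on the IANA suite name (heuristic).
function Get-SchannelSuiteReport {
    $names = Get-TlsCipherSuite | Select-Object -ExpandProperty Name
    foreach ($name in $names) {
        [pscustomobject]@{
            Name           = $name
            ChaCha20       = $name -match 'CHACHA20_POLY1305'
            # GCM, CCM and ChaCha20-Poly1305 are the AEAD constructions
            Aead           = $name -match '_GCM_|_CCM|CHACHA20_POLY1305'
            # (EC)DHE suites give forward secrecy; TLS 1.3 names (TLS_AES_*,
            # TLS_CHACHA20_*) carry no exchange in the name but always use (EC)DHE
            ForwardSecrecy = ($name -match '^TLS_(ECDHE|DHE)_') -or
                             ($name -match '^TLS_(AES|CHACHA20)_')
            # Suites the thread wants retired or that should never be enabled
            Legacy         = $name -match 'RC4|3DES|NULL|EXPORT|DES_CBC'
        }
    }
}

$report = @(Get-SchannelSuiteReport)
"Suites enabled in Schannel:        {0}" -f $report.Count
"ChaCha20/Poly1305 suites enabled:  {0}" -f @($report | Where-Object ChaCha20).Count
"AEAD suites enabled:               {0}" -f @($report | Where-Object Aead).Count
"Suites without forward secrecy:    {0}" -f @($report | Where-Object { -not $_.ForwardSecrecy }).Count
"Legacy suites still enabled (RC4/3DES/NULL/EXPORT):"
$report | Where-Object Legacy | Select-Object -ExpandProperty Name
```

The list reflects the Schannel configuration, not what a particular application such as Edge or IE11 will actually offer; the SSLLabs client test mentioned above remains the check for the per-browser view.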