Support ChaCha20 Draft Ciphers in OpenSSL 1.1

[kerzyte]

The OpenSSL 1.0.2j patch for adding Chacha20 support does not work on OpenSSL 1.1. OpenSSL 1.1 added support for the final version of ChaCha20, but I would like to add the draft version back in for older clients.
Any chance that patch could be ported over?

[vkrasnov]

No, that would be too much work I'm afraid.

[kerzyte]

Understandable. What is Cloudflare using to be able to have both versions AND x25519?

[vkrasnov]

We are using boringssl, with a patch for old chacha

[draft1]

Any chance the patch for BoringSSL will be public also?

[xetorixik]

@RoldanLT Vanilla BoringSSL and the old chacha patch for BoringSSL is quite useless for websites as BoringSSL doesn't support OCSP, Nginx multi cert? etc.

It is only interesting if multiple Cloudflare BoringSSL patches (i.e. OCSP) are released.
To re-add the features that Google has deleted.

@vkrasnov But. It seems unlikely to me that this will happen.

[injust]

@xetorixik OCSP protocol was removed, but stapling and parsing are still in BoringSSL.

[anotherjin]

Now where can I get the patch for boringssl?