Since its inception in 2014, the OpenSSL 1.0.2-chacha fork  has been used as standard OpenSSL distribution for numerous SSL/TLS pentesting tools. It includes default support for ciphers that are deemed insecure, and has extensive starttls support.... in comparison with the vanilla 1.0.2 branch.
However, even though 1.0.2 is deemed a Long Term Supported (LTS) version, no new ciphers or functionality will be added to it.
The initial reason to start the fork was a lack of ChaCha20 / Poly1305 support in the 1.0.2 branch. After that, more and more features and insecure ciphers were added or ported back in from other branches.
As ChaCha20 / Poly1305 support has been added to the 1.1.1 branch, which also contains (preliminary) TLS 1.3 support, it might be time for the insecure OpenSSL version to be rebased onto a new branch. The initial goals will still be the same:
- Add as much ciphers and functionality as possible
- Keep the source aligned as much as possible to the vanilla version
- Keep the patches atomic, transparent and maintainable
- Write as little custom code as possible
This will be quite the challenge, as the architecture and …more ...