The TL;DR is:
- BoringSSL supports an option called EqualPreferenceGroups. This lets you create groups of ciphers (say, AES GCM for desktop computers and some ChaCha option for mobile devices), and the server will select the client's preferred cipher from the server's 1st preferred group, then the 2nd group, and so on. This lets you get the best of both worlds.
- OpenSSL felt this was a bit too complicated, so they added a `SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE` option to handle the common case. The way it works is: if and only if the client specifies ChaCha as their first preference, and server cipher priority is used, and the server specifies `SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE`, then reprioritize ChaCha above everything else.
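
The two selection rules summarised above, modelled side by side as an added example (this is not BoringSSL or OpenSSL code). The function names, suite names and client lists are assumptions made for illustration, and the model covers only the ordering logic as described here.

```python
# Added illustration: models the two selection rules as described above.
# It is not BoringSSL or OpenSSL code; names and suite lists are assumptions.
CHACHA = "ECDHE-RSA-CHACHA20-POLY1305"
AES128 = "ECDHE-RSA-AES128-GCM-SHA256"
AES256 = "ECDHE-RSA-AES256-GCM-SHA384"
CBC = "ECDHE-RSA-AES128-SHA"


def is_chacha(suite):
    return "CHACHA20" in suite


def select_equal_preference(server_groups, client_prefs):
    """Try server groups in order; inside a group the client's order wins."""
    for group in server_groups:
        for suite in client_prefs:
            if suite in group:
                return suite
    return None  # no shared suite: the handshake would fail


def select_prioritize_chacha(server_prefs, client_prefs, prioritize=True):
    """Server-order selection; ChaCha is moved first only when the option is
    set and ChaCha is the client's first preference."""
    order = list(server_prefs)
    if prioritize and client_prefs and is_chacha(client_prefs[0]):
        order.sort(key=lambda s: not is_chacha(s))  # stable sort: ChaCha first
    for suite in order:
        if suite in client_prefs:
            return suite
    return None


# Constructed sample inputs.
SERVER_GROUPS = [{AES128, AES256, CHACHA}, {CBC}]  # group 1, then group 2
SERVER_PREFS = [AES128, AES256, CHACHA, CBC]       # strict server order
DESKTOP = [AES128, AES256, CHACHA, CBC]            # prefers AES-GCM
MOBILE = [CHACHA, AES128, AES256, CBC]             # prefers ChaCha
AES256_FIRST = [AES256, AES128, CHACHA]
CBC_FIRST = [CBC, AES128]

if __name__ == "__main__":
    for name, prefs in [("desktop", DESKTOP), ("mobile", MOBILE),
                        ("aes256-first", AES256_FIRST), ("cbc-first", CBC_FIRST)]:
        print(name, select_equal_preference(SERVER_GROUPS, prefs),
              select_prioritize_chacha(SERVER_PREFS, prefs))
```

The `AES256_FIRST` client shows where the two rules differ: the group rule honours the client's order within the group, while the single-option rule falls back to strict server order whenever ChaCha is not the client's first choice.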