author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-18 04:34:00 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-18 04:34:17 +0200 |
commit | 61ba2a2fe12ffd5578429dfe1d354a1c5d16517a (patch) | |
tree | f6e37d60a9069672b2bc99a591dc34689f881346 /roles/lacme | |
parent | b1808ed6a25beb9b2a746a1d1bed3dd9a459a619 (diff) |
AEAD ciphers: Add EECDH+CHACHA20 macro.
This adds the following two ciphers:
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
Diffstat (limited to 'roles/lacme')
-rw-r--r-- | roles/lacme/files/etc/lacme/lacme.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/lacme/files/etc/lacme/lacme.conf b/roles/lacme/files/etc/lacme/lacme.conf
index 6f1ee4b..b49c87a 100644
--- a/roles/lacme/files/etc/lacme/lacme.conf
+++ b/roles/lacme/files/etc/lacme/lacme.conf
@@ -37,41 +37,41 @@ group = nogroup
 # <https://acme-staging-v02.api.letsencrypt.org/directory> for testing
 # as it has relaxed rate-limiting.
 #
 #server = https://acme-v02.api.letsencrypt.org/directory
 
 # Timeout in seconds after which the client stops polling the ACME
 # server and considers the request failed.
 #
 #timeout = 10
 
 # Whether to verify the server certificate chain.
 #
 SSL_verify = yes
 
 # Specify the version of the SSL protocol used to transmit data.
 #
 SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
 
 # Specify the cipher list for the connection.
 #
-SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
+SSL_cipher_list = EECDH+AESGCM:EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL
 
 
 [webserver]
 
 # Comma- or space-separated list of addresses to listen on, for instance
 # "0.0.0.0:80 [::]:80".
 #
 #listen = /run/lacme-www.socket
 
 # Non-existent directory under which an external HTTP daemon is
 # configured to serve GET requests for challenge files under
 # "/.well-known/acme-challenge/" (for each virtual host requiring
 # authorization) as static files.
 #
 #challenge-directory =
 
 # username to drop privileges to (setting both effective and real uid).
 # Preserve root privileges if the value is empty (not recommended).
 #
 user = www-data |
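Review bot: The added `SSL_cipher_list` value has lost the `:` separator before every `!` exclusion: it reads `EECDH+CHACHA20!MEDIUM!LOW!EXP!aNULL!eNULL`, where the removed line had `:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL`. OpenSSL documents cipher strings as separated by colons (commas or spaces are also accepted), so whether the exclusions still take effect depends on how lenient the parser is with a missing separator, which a TLS client configuration should not rely on. I would write `SSL_cipher_list = EECDH+AESGCM:EECDH+CHACHA20:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL` and confirm with `openssl ciphers -v` that the list expands to the existing AES-GCM suites plus exactly the two CHACHA20-POLY1305 suites named in the commit message, with no NULL or export suites.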