We’re excited to announce that ChaCha20-Poly1305, one of the fastest and most secure modern SSH encryption algorithms, is now fully supported in AbsoluteTelnet/SSH.
This upgrade brings faster performance on all platforms, improved security, and broader compatibility with modern OpenSSH servers — especially on systems where AES acceleration is limited.
🔒 What Is ChaCha20-Poly1305?
ChaCha20-Poly1305 is an AEAD cipher (Authenticated Encryption with Associated Data) designed for high performance and robust security. Originally deployed by Google and later adopted by OpenSSH, it offers:
- Excellent performance on systems without AES-NI hardware acceleration
- Consistent timing behavior that helps reduce side-channel risk
- A combined encryption + authentication design for improved efficiency
- Strong, modern cryptography that meets current security recommendations
If you’ve ever used SSH from a virtual machine, embedded hardware, or older CPU, ChaCha20 often outperforms AES dramatically.
🚀 Why This Matters for AbsoluteTelnet Users
With ChaCha20-Poly1305 enabled:
- Connections feel snappier, especially on older or lightweight machines.
- Battery life improves on mobile or low-power hardware due to reduced CPU overhead.
- Security increases, thanks to modern AEAD design and constant-time behavior.
- Compatibility improves, since OpenSSH servers increasingly default to ChaCha20-Poly1305 as a top-tier cipher.
AbsoluteTelnet automatically negotiates the best algorithm available. When a server offers ChaCha20-Poly1305, the client can now take advantage of it immediately.
🛡️ Terrapin-Safe Implementation
ChaCha20-Poly1305 interacts closely with the SSH sequence-number behavior highlighted in the Terrapin vulnerability (CVE-2023-48795).
To ensure safe use of AEAD ciphers:
- AbsoluteTelnet automatically checks for Strict KEX support.
- If the server is missing critical protections, the client warns the user, offers automatic remediation, or gracefully falls back to safer algorithms.
This keeps your connection both fast and secure — without guesswork.
⚙️ Available Today
ChaCha20-Poly1305 support is available now in the latest release of AbsoluteTelnet/SSH.
No configuration change is required — simply connect to a server that supports it, and AbsoluteTelnet will negotiate it automatically (or let you know if there’s a configuration mismatch).
For best results, ensure your server’s SSH implementation is up to date with support for:
chacha20-poly1305@openssh.com- Strict KEX (RFC 8308)