Showing results for 
Show  only  | Search instead for 
Did you mean: 

MacOS always prefers ChaCha20-Poly1305. Should Firefox for MacOS prefer it, too?

Making moves


I am definitely not an expert in these topics so this post will probably be pretty eye roll-inducing for those who are, but I have been curious about this for a while now and figured I'd finally ask about it.

Basically, modern Mac computers (I've tested Safari and curl on both Intel and Apple Silicon Macs) always prefer ChaCha/Poly (when available) over every other cipher suite including AES/GCM regardless of whether the protocol is TLS 1.2 or TLS 1.3 and regardless of whether it's an RSA or EC certificate. This is despite the fact that all modern Macs have very good hardware support for AES.

Clearly this is no accident on Apple's part and it makes me wonder what they know that we don't. Are there any significant advantages to Apple doing this? Should Firefox follow their lead...? Thank you for your time.

- Collin



The page at tells me this:


Strangely, that doesn't quite match the list on:

When I visit Apple's home page, the cipher used is "TLS_AES_256_GCM_SHA384" which is top of the list on that wiki page above TLS_CHACHA20_POLY1305_SHA256.

I don't know how the order was selected (whatever it actually is). Perhaps the crypto group list discusses such things?