
[tor-dev] Minimum required ciphers for running Tor as both client and router.



Hi there,

First of all, thanks for helping me last time with my mipsel build of Tor with statically linked OpenSSL.
It's running fine and we're waiting for the last review of the bandwidth-checking scripts before they go live.

The second cluster we prepare will consist of low-powered PowerPC devices (250MHz/256MB RAM/8MB Flash).
This time Tor will dynamically link to OpenSSL (libcrypto.so.1.0.0 and libssl.so.1.0.0) because there are also other programs depending on it.
Because the devices have very limited flash space, the binaries and libraries have to be as small as possible.
Tor 0.2.3.19-rc is only 550KB with only libevent statically linked in (stripped and bz2 compressed).
When run, it will be extracted to /tmp, executed and then deleted (since /tmp runs in RAM).

It runs very well so far :)

However the OpenSSL libraries are quite large for this system and they don't fit in at the moment.
libcrypto.so.1.0.0 is 1.9MB and libssl.so.1.0.0 is 375KB (stripped).

Our goal is to run Tor both as client and router, and therefore I'd like to know the absolute minimum required ciphers for doing so.
We've currently compiled OpenSSL 1.0.1 with:

NM=powerpc-gnu-nm CC=powerpc-linux-gnu-gcc RANLIB=powerpc-linux-gnu-ranlib AR=powerpc-linux-gnu-ar \
./Configure --prefix=/home/mastag/root --openssldir=/home/mastag/root/lib/ssl \
shared threads zlib enable-tlsext no-ssl2 no-dso no-idea no-mdc2 no-rc5 \
no-engines no-hw linux-ppc

From the OpenSSL documentation it seems that no-hw and no-engines leave out support for hardware crypto engines, so those are safe to set (our devices don't have them).

Could anybody provide us with more "no-" options for ciphers we can skip?
Thanks a lot!
