[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Minimum required ciphers for running Tor as both client and router.

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Minimum required ciphers for running Tor as both client and router.
From: Nick Mathewson <nickm@xxxxxxxxxxxx>
Date: Fri, 13 Jul 2012 08:52:48 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 13 Jul 2012 08:52:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=+uXqbU+yTRiPx4jUCBZszMLSCt7Vm11SIEsm5zc2N7Y=; b=S4/JDzHeCmlNRASozmNLFxDtYPs9msBFhJkDObhtVP+Hrq8LjC9WUwByW+qLNCGraw d76OsVK3mz7USdkPsHnTA4A0+e4wL/GYFNDXg8zH4XgT7c1SSvnVQzUNmSXG8yEw5xsi VwYQFQbNKiRUxJYoZF2SPwWMn0tWCfIXSGKeI6Hrx0TSORmc1XzIgfaeiR+lQ5xUBVo1 v8h4ZqhkSAvUbVW9GJ5bBORgT5q/1Su5si9cUcunevnEMalzVWejVrEGxaVWpIxSd8dX AVijBq/Kec5soxJUP53nlLf0EKO68hPZZwUtxF37onZkt8kCH3zESLADIUXVV00QVBBl Pc6w==
In-reply-to: <CABgZ87ZeppsjqGt_ihTffPQnSG=LpA4Et=+mcTUD8JDD+K5CbA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CABgZ87ZeppsjqGt_ihTffPQnSG=LpA4Et=+mcTUD8JDD+K5CbA@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx

On Fri, Jul 13, 2012 at 8:14 AM, Gino Badouri <g.badouri@xxxxxxxxx> wrote:

Hi!

> From the OpenSSL documentation it seems that no-hw and no-engines leaves out
> support for hardware crypto engines so those are safe to set (our devices
> don't have them).
>
> Could anybody provide us with more "no-" options for ciphers we can skip?
> Thanks alot!

The absolutely required cryptographic primitives for Tor are AES,
SHA1, SHA256, DH, and RSA.  This may grow in the future.

Be aware though that being unable to negotiate certain ciphersuites
might make your devices more fingerprintable, since starting in
0.2.3.x Tor will no longer advertise openssl-supported ciphersuites
that it doesn't have.

-- 
Nick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Minimum required ciphers for running Tor as both client and router.
  - From: Gino Badouri

References:
- [tor-dev] Minimum required ciphers for running Tor as both client and router.
  - From: Gino Badouri

Prev by Author: Re: [tor-dev] Proposal 204: Subdomain support for Hidden Service addresses
Next by Author: Re: [tor-dev] Clarification of prop 186
Previous by thread: [tor-dev] Minimum required ciphers for running Tor as both client and router.
Next by thread: Re: [tor-dev] Minimum required ciphers for running Tor as both client and router.
Index(es):
- Author
- Thread