On Mon, 22 Jun 2015 18:36:19 +0200
nusenu <nusenu@xxxxxxxxxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> since enable-ec_nistp_64_gcc_128 is
> disabled by default on OpenBSD due to compiler bugs [1]
> I wanted to ask how bad is it (in relay context) to ignore the usual
> tor log entry:
>
> > We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later,
> > but with a version of OpenSSL that apparently lacks accelerated
> > support for the NIST P-224 and P-256 groups. Building openssl with
> > such support (using the enable-ec_nistp_64_gcc_128 option when
> > configuring it) would make ECDH much faster.
>
> Tor's changelog "highly recommends" it [2].
>
> Can this be "translated" to something like
>
> "the relay's bandwidth usage and usefulness will be reduced"
>
> "latency will be higher"
>
> "security will be degraded due to fallback to DH-1024"
> ?

It's exactly what it says on the tin. Your relay will burn more CPU
doing ECDHE as part of TLS, but it will have no security impact unless
there is a bug in the non-optimized ECDH code.

"TLS connections will take longer to be established, because the key
exchange takes longer, but once connected there is no further impact".

--
Yawning Angel
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev