[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #16140 [Tor]: Drop support for OpenSSL without ECC.
#16140: Drop support for OpenSSL without ECC.
--------------------------------------+------------------------------------
Reporter: yawning | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Keywords: tor-client tor-relay tls | Actual Points:
Parent ID: | Points:
--------------------------------------+------------------------------------
Offshoot of #16034.
tor should error out at build time (and possibly runtime if we can easily
detect it) if elliptic curve cryptography is not available (or the ECDHE
suites we want to use are not available).
`OPENSSL_NO_EC` is the define for the former, and ECC support is available
in any version of OpenSSL that we want to support (>= 1.0.0). I think the
only people that ship OpenSSL without all the curves available are RedHat
(but at least they have some curves now, as opposed to none). I'm
personally ok with breaking builds on such systems if they don't give us
all the curves we want.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16140>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs