[tor-bugs] #13815 [Tor]: Attempt to port tor to Google's BoringSSL
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 13 16:11:21 UTC 2015
#13815: Attempt to port tor to Google's BoringSSL
-----------------------------+--------------------------------
     Reporter:  teor         |          Owner:
         Type:  enhancement  |         Status:  assigned
     Priority:  normal       |      Milestone:  Tor: 0.2.8.x-final
    Component:  Tor          |        Version:  Tor: 0.2.6.1-alpha
   Resolution:               |       Keywords:  lorax tor-relay
Actual Points:               |      Parent ID:
       Points:               |
-----------------------------+--------------------------------
Comment (by nickm):
Note:
In a message (relayed here with permission), David Benjamin (BoringSSL
hacker) informed me of a few things we should keep in mind if we tread
this route:
* BoringSSL isn't meant to maintain openssl compatibility, and might not
  be the library for us.
* Neither SSL_renegotiate nor SSL_set_session_secret_cb will actually
  work here.
* In place of the get_cipher_by_char craziness we could instead do
  SSL_get_cipher_by_value.
* This seriously might not be the right library for the degree of
  shenanigans that Tor has tended to pull with the guts of the TLS
  implementation.
Together this would imply that BoringSSL compatibility simply can't happen
until we drop the v2 version of our TLS handshake. And that we should
probably consider the stuff we want to use BoringSSL for "supported by
accident, at best."
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13815#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online