[tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)

nusenu nusenu at openmailbox.org
Mon Jun 22 16:36:19 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

since enable-ec_nistp_64_gcc_128 is
disabled by default on OpenBSD due to compiler bugs [1]
I wanted to ask how bad is it (in relay context) to ignore the usual
tor log entry:

> We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, 
> but with a version of OpenSSL that apparently lacks accelerated 
> support for the NIST P-224 and P-256 groups. Building openssl with 
> such support (using the enable-ec_nistp_64_gcc_128 option when 
> configuring it) would make ECDH much faster.

Tor's changelog "highly recommends" it [2].


Can this be "translated" to something like

"the relay's bandwidth usage and usefulness will be reduced"

"latency will be higher"

"security will be degraded due to fallback to DH-1024"
?

thanks,
nusenu



[1] http://article.gmane.org/gmane.os.openbsd.misc/218944
[2]
https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.2.5.10
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJViDmDAAoJEFv7XvVCELh0Fi0QAKF0/7eVWgL5gExyGcCugz66
9CJOaNGVdeqb8LDxH/KEW4xC+MLhqMQ/+dL7iVOZIOtCM6i4vTpD3u4ZVnFhcGfx
luyX78TqXDW3riV3izBWYScYxQdeHGv3XFXQlbGi7WQYfRt0AdorchmP2xuxD7Cg
zGZFk4Bggj3qnW1sd/G3JvJL0bUi7iBKrQwPTDlnK3YSGbTYpU6lS3dQqbHqNYin
yrwtlNSCi9DFjbQm5g4yjvaawnmOuxf8dlm54Ltjdn2cIHsXaPqQ6kXICiukrJhE
ZLfTnPBd3yngyoq9xe7bW9P4mNVkTNmAU3VqGgEq1gSUJQObXkzOKAz63z9WAqQl
GBvZFtwkbdBM4pjfWaG5FjDRc+awXxP/8K/d2vF2r6KAwkbh9Fw2uhjC6yu5c6hB
KtQaovd+we+Ag4vDdE6lbQPLiCbPBiFdB6qYjkWbVflYcrsYQPoCgwjaodbV7I/Y
8Kb3Lx2C8+HFLtktEh19tOk34iKVliQk7FjE2FoiKkWryRYtY5KUAfFS8hOCfBqr
2XYtWGqQ9eh14RqvBu7CuN1cKCc0EQLcr6BF9uvd6EYtKZsa5rQC+y9Bbbd65MwB
qU7lLckEkG+qwzgvuyOBvGwN8JmMmTBQASsdalAUscQFbPq7wySp9tz21pu8mOje
NRRdnL1/3X9KcCMLMCVk
=Oa2Z
-----END PGP SIGNATURE-----


More information about the tor-dev mailing list