[tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)
nusenu
nusenu at openmailbox.org
Mon Jun 22 16:36:19 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
since enable-ec_nistp_64_gcc_128 is
disabled by default on OpenBSD due to compiler bugs [1]
I wanted to ask how bad is it (in relay context) to ignore the usual
tor log entry:
> We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later,
> but with a version of OpenSSL that apparently lacks accelerated
> support for the NIST P-224 and P-256 groups. Building openssl with
> such support (using the enable-ec_nistp_64_gcc_128 option when
> configuring it) would make ECDH much faster.
Tor's changelog "highly recommends" it [2].
Can this be "translated" to something like
"the relay's bandwidth usage and usefulness will be reduced"
"latency will be higher"
"security will be degraded due to fallback to DH-1024"
?
thanks,
nusenu
[1] http://article.gmane.org/gmane.os.openbsd.misc/218944
[2]
https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.2.5.10
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJViDmDAAoJEFv7XvVCELh0Fi0QAKF0/7eVWgL5gExyGcCugz66
9CJOaNGVdeqb8LDxH/KEW4xC+MLhqMQ/+dL7iVOZIOtCM6i4vTpD3u4ZVnFhcGfx
luyX78TqXDW3riV3izBWYScYxQdeHGv3XFXQlbGi7WQYfRt0AdorchmP2xuxD7Cg
zGZFk4Bggj3qnW1sd/G3JvJL0bUi7iBKrQwPTDlnK3YSGbTYpU6lS3dQqbHqNYin
yrwtlNSCi9DFjbQm5g4yjvaawnmOuxf8dlm54Ltjdn2cIHsXaPqQ6kXICiukrJhE
ZLfTnPBd3yngyoq9xe7bW9P4mNVkTNmAU3VqGgEq1gSUJQObXkzOKAz63z9WAqQl
GBvZFtwkbdBM4pjfWaG5FjDRc+awXxP/8K/d2vF2r6KAwkbh9Fw2uhjC6yu5c6hB
KtQaovd+we+Ag4vDdE6lbQPLiCbPBiFdB6qYjkWbVflYcrsYQPoCgwjaodbV7I/Y
8Kb3Lx2C8+HFLtktEh19tOk34iKVliQk7FjE2FoiKkWryRYtY5KUAfFS8hOCfBqr
2XYtWGqQ9eh14RqvBu7CuN1cKCc0EQLcr6BF9uvd6EYtKZsa5rQC+y9Bbbd65MwB
qU7lLckEkG+qwzgvuyOBvGwN8JmMmTBQASsdalAUscQFbPq7wySp9tz21pu8mOje
NRRdnL1/3X9KcCMLMCVk
=Oa2Z
-----END PGP SIGNATURE-----
More information about the tor-dev
mailing list