Hi there,
First of all thanks for helping me last time with my mipsel build of Tor with statically linked OpenSSL.
It's running fine and we're waiting for the last review of the bandwith-checking scripts before they go live.
The second cluster we prepare will consist of low-powered PowerPC devices 250MHz/256MB Ram/8MB Flash.
This time Tor will dynamically link to OpenSSL (libcrypto.so.1.0.0 and libssl.so.1.0.0) because there are also other programs depending on it.
Because the devices have very limited flash-space the binaries and libraries have to be as small as possible.
Tor 0.2.3.19-rc is only 550KB with only libevent staticly linked in (stripped and bz2 compressed).
When run, it will be extracted to /tmp, executed and then deleted (since /tmp runs in RAM).
It runs very well so far :)
However the OpenSSL libraries are quite large for this system and they don't fit in at the moment.
libcrypto.so.1.0.0 is 1.9MB and libssl.so.1.0.0 is 375KB (stripped).
Our goal is to run Tor both as client and router and therefor I'd like to know the absolute minimum required ciphers for doing so.
We've currently compiled OpenSSL 1.0.1 with:
NM=powerpc-gnu-nm CC=powerpc-linux-gnu-gcc RANLIB=powerpc-linux-gnu-ranlib AR=powerpc-linux-gnu-ar \
./Configure --prefix=/home/mastag/root --openssldir=/home/mastag/root/lib/ssl \
shared threads zlib enable-tlsext no-ssl2 no-dso no-idea no-mdc2 no-rc5 \
no-engines no-hw linux-ppc \
From the OpenSSL documentation it seems that no-hw and no-engines leaves out support for hardware crypto engines so those are safe to set (our devices don't have them).
Could anybody provide us with more "no-" options for ciphers we can skip?
Thanks alot!