On Fri, Jul 13, 2012 at 8:14 AM, Gino Badouri g.badouri@gmail.com wrote:
Hi!
From the OpenSSL documentation it seems that no-hw and no-engines leaves out support for hardware crypto engines so those are safe to set (our devices don't have them).
Could anybody provide us with more "no-" options for ciphers we can skip? Thanks alot!
The absolutely required cryptographic primitives for Tor are AES, SHA1, SHA256, DH, and RSA. This may grow in the future.
Be aware though that being unable to negotiate certain ciphersuites might make your devices more fingerprintable, since starting in 0.2.3.x Tor will no longer advertise openssl-supported ciphersuites that it doesn't have.