On Mon, 22 Jun 2015 18:36:19 +0200 nusenu nusenu@openmailbox.org wrote:
Hi,
Since enable-ec_nistp_64_gcc_128 is disabled by default on OpenBSD due to compiler bugs [1], I wanted to ask how bad it is (in a relay context) to ignore the usual tor log entry:
We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.
Tor's changelog "highly recommends" it [2].
Can this be "translated" to something like
"the relay's bandwidth usage and usefulness will be reduced"
"latency will be higher"
"security will be degraded due to fallback to DH-1024" ?
It's exactly what it says on the tin. Your relay will burn more CPU doing ECDHE as part of TLS, but it will have no security impact unless there is a bug in the non-optimized ECDH code.
"TLS connections will take longer to be established, because the key exchange takes longer, but once connected there is no further impact".
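A small script for checking what the thread is talking about, added here as an example and not part of either message above. It assumes two things about OpenSSL 1.0.x: that Configure records a disabled option as an OPENSSL_NO_<FEATURE> define in opensslconf.h (so a build made with enable-ec_nistp_64_gcc_128 lacks OPENSSL_NO_EC_NISTP_64_GCC_128), and that "openssl speed ecdhp256" ends with a summary line whose last column is operations per second. The sample speed output embedded below is constructed, not a real measurement.

```shell
#!/bin/sh
# Added example: does this OpenSSL build carry the 64-bit NIST P-224/P-256
# code tor's notice refers to, and how fast is ECDH P-256 with it?

# OpenSSL 1.0.x Configure writes a define for every disabled feature into
# opensslconf.h (assumption stated in the lead-in). The option tor wants,
# enable-ec_nistp_64_gcc_128, is therefore present exactly when the header
# does NOT define OPENSSL_NO_EC_NISTP_64_GCC_128.
# Prints "accelerated" (status 0) or "not-accelerated" (status 1).
nistp_accel_status() {
    conf="$1"
    if grep -q 'define[[:space:]]*OPENSSL_NO_EC_NISTP_64_GCC_128' "$conf"; then
        echo not-accelerated
        return 1
    fi
    echo accelerated
    return 0
}

# Pull ECDH P-256 operations per second out of "openssl speed ecdhp256"
# output. The 1.0.x summary line looks like
#   " 256 bit ecdh (nistp256)   0.0001s  11345.2"
# where the last field is op/s. Fails (status 1) if no such line is found.
ecdh_p256_ops_per_sec() {
    awk '/256 bit ecdh/ { print $NF; found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# Run the real benchmark when openssl is installed; otherwise fall back to a
# constructed sample so the script stays runnable offline. Compare the number
# from a build with and without the option to see the CPU cost the reply
# above is describing.
bench_ecdh_p256() {
    out=$(mktemp)
    if command -v openssl >/dev/null 2>&1 \
        && openssl speed ecdhp256 >"$out" 2>/dev/null; then
        :
    else
        # constructed sample output, not a measurement
        cat >"$out" <<'EOF'
                              op      op/s
 256 bit ecdh (nistp256)   0.0001s  11345.2
EOF
    fi
    ecdh_p256_ops_per_sec "$out"
    rm -f "$out"
}

# Usage: sh check_nistp.sh /usr/include/openssl/opensslconf.h
if [ "$#" -gt 0 ]; then
    nistp_accel_status "$1"
    bench_ecdh_p256
fi
```

Note that the notice only concerns the NIST curves OpenSSL uses for ECDHE in TLS; the script checks and times exactly that. On x86_64 builds of OpenSSL 1.0.2 and later, P-256 also has its own assembly implementation (ecp_nistz256), so the gap between a build with and without enable-ec_nistp_64_gcc_128 is smaller there than on 1.0.1; the benchmark above shows the actual difference for the build in use.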