Hi there,
First of all thanks for helping me last time with my mipsel build of Tor with statically linked OpenSSL. It's running fine and we're waiting for the last review of the bandwith-checking scripts before they go live.
The second cluster we prepare will consist of low-powered PowerPC devices 250MHz/256MB Ram/8MB Flash. This time Tor will dynamically link to OpenSSL (libcrypto.so.1.0.0 and libssl.so.1.0.0) because there are also other programs depending on it. Because the devices have very limited flash-space the binaries and libraries have to be as small as possible. Tor 0.2.3.19-rc is only 550KB with only libevent staticly linked in (stripped and bz2 compressed). When run, it will be extracted to /tmp, executed and then deleted (since /tmp runs in RAM).
It runs very well so far :)
However the OpenSSL libraries are quite large for this system and they don't fit in at the moment. libcrypto.so.1.0.0 is 1.9MB and libssl.so.1.0.0 is 375KB (stripped).
Our goal is to run Tor both as client and router and therefor I'd like to know the absolute minimum required ciphers for doing so. We've currently compiled OpenSSL 1.0.1 with:
NM=powerpc-gnu-nm CC=powerpc-linux-gnu-gcc RANLIB=powerpc-linux-gnu-ranlib AR=powerpc-linux-gnu-ar \ ./Configure --prefix=/home/mastag/root --openssldir=/home/mastag/root/lib/ssl \ shared threads zlib enable-tlsext no-ssl2 no-dso no-idea no-mdc2 no-rc5 \ no-engines no-hw linux-ppc \
From the OpenSSL documentation it seems that no-hw and no-engines leaves
out support for hardware crypto engines so those are safe to set (our devices don't have them).
Could anybody provide us with more "no-" options for ciphers we can skip? Thanks alot!
On Fri, Jul 13, 2012 at 8:14 AM, Gino Badouri g.badouri@gmail.com wrote:
Hi!
From the OpenSSL documentation it seems that no-hw and no-engines leaves out support for hardware crypto engines so those are safe to set (our devices don't have them).
Could anybody provide us with more "no-" options for ciphers we can skip? Thanks alot!
The absolutely required cryptographic primitives for Tor are AES, SHA1, SHA256, DH, and RSA. This may grow in the future.
Be aware though that being unable to negotiate certain ciphersuites might make your devices more fingerprintable, since starting in 0.2.3.x Tor will no longer advertise openssl-supported ciphersuites that it doesn't have.
Thanks Nick for the fast answer.
I went trough the official OpenSSL cipher docs but also found a nice (probably outdated) list on the stackoverflow.
Ciphers:
no-idea -DOPENSSL_NO_IDEA no-aes -DOPENSSL_NO_AES no-camellia -DOPENSSL_NO_CAMELLIA no-seed -DOPENSSL_NO_SEED no-bf -DOPENSSL_NO_BF no-cast -DOPENSSL_NO_CAST no-des -DOPENSSL_NO_DES no-rc2 -DOPENSSL_NO_RC2 no-rc4 -DOPENSSL_NO_RC4 no-rc5 -DOPENSSL_NO_RC5
no-md2 -DOPENSSL_NO_MD2 no-md4 -DOPENSSL_NO_MD4 no-md5 -DOPENSSL_NO_MD5 no-sha -DOPENSSL_NO_SHA no-ripemd -DOPENSSL_NO_RIPEMD no-mdc2 -DOPENSSL_NO_MDC2
no-rsa -DOPENSSL_NO_RSA no-dsa -DOPENSSL_NO_DSA no-dh -DOPENSSL_NO_DH
no-ec -DOPENSSL_NO_EC no-ecdsa -DOPENSSL_NO_ECDSA no-ecdh -DOPENSSL_NO_ECDH
Non-cipher functionality:
no-sock -DOPENSSL_NO_SOCK No socket code. no-ssl2 -DOPENSSL_NO_SSL2 No SSLv2. no-ssl3 -DOPENSSL_NO_SSL3 No SSLv3. no-err -DOPENSSL_NO_ERR No error strings. no-krb5 -DOPENSSL_NO_KRB5 No Kerberos v5. no-engine -DOPENSSL_NO_ENGINE No dynamic engines. no-hw -DOPENSSL_NO_HW No support for external hardware.
Not documented:
no-tlsext -DOPENSSL_NO_TLSEXT no-cms -DOPENSSL_NO_CMS no-jpake -DOPENSSL_NO_JPAKE no-capieng -DOPENSSL_NO_CAPIENG
I recompiled OpenSSL with the following ciphers disabled: no-krb5 no-ssl2 no-dso no-engines no-hw no-idea no-err \ no-mdc2 no-rc5 no-camellia no-seed no-des no-dsa no-ec \ no-ecdsa no-ecdh no-ripemd no-md2 no-md4 no-cast no-bf \ no-cms no-jpake no-capieng
Enabled: shared threads enable-tlxext zlib
That gets me a nice stripped 1.2MB libcrypto and 300KB libssl.
It does mention OpenSSL has been built with ciphers disabled: Jul 13 15:55:54.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
However it works very well, even after clearing the cache it connects very fast, (faster than the mips build) If you happen to know more ciphers that can be disabled (without using router functionality) please let me know.
2012/7/13 Nick Mathewson nickm@alum.mit.edu
On Fri, Jul 13, 2012 at 8:14 AM, Gino Badouri g.badouri@gmail.com wrote:
Hi!
From the OpenSSL documentation it seems that no-hw and no-engines leaves out support for hardware crypto engines so those are safe to set (our devices don't have them).
Could anybody provide us with more "no-" options for ciphers we can skip? Thanks alot!
The absolutely required cryptographic primitives for Tor are AES, SHA1, SHA256, DH, and RSA. This may grow in the future.
Be aware though that being unable to negotiate certain ciphersuites might make your devices more fingerprintable, since starting in 0.2.3.x Tor will no longer advertise openssl-supported ciphersuites that it doesn't have.
-- Nick _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev