On Fri, 21 Nov 2014 09:10:11 -0800, David Stainton dstainton415@gmail.com wrote:
I am also very interested in hearing from people who have built tor with LibreSSL...
If you want to try building a FreeBSD port using LibreSSL instead of OpenSSL add this to /etc/make.conf
OPENSSL_PORT=security/libressl WITH_OPENSSL_PORT=yes
specifically I'd love it if someone worked out all the details to do this as a static build in OpenBSD.
Not sure about static builds, what's the benefit?
I do know OpenBSD 5.6 has LibreSSL baked in and it works with Tor. Just install the tor package, edit /etc/tor/torrc and you're up and running.
Next time I stand up another relay or exit node on OpenBSD I think I'll kick it up a notch with some chroot and/or systrace sauce.
https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity#RunTor...
Am also interested in hearing any tips for minimizing data retention. I thought about making a hardlink or symlink from /var/log to /dev/null, but I have a feeling there's more to it than that.