[tor-bugs] #16140 [Tor]: Drop support for OpenSSL without ECC.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 20 18:39:27 UTC 2015
#16140: Drop support for OpenSSL without ECC.
--------------------------------------+------------------------------------
Reporter: yawning | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version:
Keywords: tor-client tor-relay tls | Actual Points:
Parent ID: | Points:
--------------------------------------+------------------------------------
Offshoot of #16034.
tor should error out at build time (and possibly runtime if we can easily
detect it) if elliptic curve cryptography is not available (or the ECDHE
suites we want to use are not available).
`OPENSSL_NO_EC` is the define for the former, and ECC support is available
in any version of OpenSSL that we want to support (>= 1.0.0). I think the
only people that ship OpenSSL without all the curves available are RedHat
(but at least they have some curves now, as opposed to none). I'm
personally ok with breaking builds on such systems if they don't give us
all the curves we want.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16140>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list