[tor-dev] Minimum required ciphers for running Tor as both client and router.

[Gino Badouri]

Hi there,

First of all thanks for helping me last time with my mipsel build of Tor
with statically linked OpenSSL.
It's running fine and we're waiting for the last review of the
bandwith-checking scripts before they go live.

The second cluster we prepare will consist of low-powered PowerPC devices
250MHz/256MB Ram/8MB Flash.
This time Tor will dynamically link to OpenSSL (libcrypto.so.1.0.0 and
libssl.so.1.0.0) because there are also other programs depending on it.
Because the devices have very limited flash-space the binaries and
libraries have to be as small as possible.
Tor 0.2.3.19-rc is only 550KB with only libevent staticly linked in
(stripped and bz2 compressed).
When run, it will be extracted to /tmp, executed and then deleted (since
/tmp runs in RAM).

It runs very well so far :)

However the OpenSSL libraries are quite large for this system and they
don't fit in at the moment.
libcrypto.so.1.0.0 is 1.9MB and libssl.so.1.0.0 is 375KB (stripped).

Our goal is to run Tor both as client and router and therefor I'd like to
know the absolute minimum required ciphers for doing so.
We've currently compiled OpenSSL 1.0.1 with:

NM=powerpc-gnu-nm CC=powerpc-linux-gnu-gcc RANLIB=powerpc-linux-gnu-ranlib
AR=powerpc-linux-gnu-ar \
./Configure --prefix=/home/mastag/root
--openssldir=/home/mastag/root/lib/ssl \
shared threads zlib enable-tlsext no-ssl2 no-dso no-idea no-mdc2 no-rc5 \
no-engines no-hw linux-ppc \

>From the OpenSSL documentation it seems that no-hw and no-engines leaves
out support for hardware crypto engines so those are safe to set (our
devices don't have them).

Could anybody provide us with more "no-" options for ciphers we can skip?
Thanks alot!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20120713/b62d50f0/attachment.html>