[tor-dev] Minimum required ciphers for running Tor as both client and router.

Nick Mathewson nickm at alum.mit.edu
Fri Jul 13 12:52:48 UTC 2012

On Fri, Jul 13, 2012 at 8:14 AM, Gino Badouri <g.badouri at gmail.com> wrote:


> From the OpenSSL documentation it seems that no-hw and no-engines leaves out
> support for hardware crypto engines so those are safe to set (our devices
> don't have them).
> Could anybody provide us with more "no-" options for ciphers we can skip?
> Thanks alot!

The absolutely required cryptographic primitives for Tor are AES,
SHA1, SHA256, DH, and RSA.  This may grow in the future.

Be aware though that being unable to negotiate certain ciphersuites
might make your devices more fingerprintable, since starting in
0.2.3.x Tor will no longer advertise openssl-supported ciphersuites
that it doesn't have.


More information about the tor-dev mailing list