[tor-dev] Minimum required ciphers for running Tor as both client and router.
Nick Mathewson
nickm at alum.mit.edu
Fri Jul 13 12:52:48 UTC 2012
On Fri, Jul 13, 2012 at 8:14 AM, Gino Badouri <g.badouri at gmail.com> wrote:
Hi!
> From the OpenSSL documentation it seems that no-hw and no-engines leaves out
> support for hardware crypto engines so those are safe to set (our devices
> don't have them).
>
> Could anybody provide us with more "no-" options for ciphers we can skip?
> Thanks alot!
The absolutely required cryptographic primitives for Tor are AES,
SHA1, SHA256, DH, and RSA. This may grow in the future.
Be aware though that being unable to negotiate certain ciphersuites
might make your devices more fingerprintable, since starting in
0.2.3.x Tor will no longer advertise openssl-supported ciphersuites
that it doesn't have.
--
Nick
More information about the tor-dev
mailing list