[tor-dev] TLS warning using static OpenSSL 1.0.1c

grarpamp grarpamp at gmail.com
Tue Jun 26 23:39:50 UTC 2012


> I had to alter the Makefile
> and tell the linker where to find ... libz.so and libz.a and zlib includes

If you got a static 'openssl' binary with zlib in it, and both
.a and .so's for the openssl libs, and libevent and tor compiled
against that, I'd like to see the openssl diff. I gave up early.

> Also libevent and tor need the ./configure CPPFLAGS and LDFLAGS for zlib

Yeah, and for openssl and libevent too. I left that out.

> I'm only encountering timeouts after the circuit has been established:
> Jun 26 21:21:04.000 [notice] Tried for 120 seconds to get a connection to
> [scrubbed]:53. Giving up. (waiting for circuit)

Don't know, sounds normal, send a signal newnym.

> static OpenSSL 1.0.1c (... zlib ...)

I think 'zlib' works the same as not specifying any zlib* phrase.
And that not specifying 'shared' gets you only static libs and
a dynamic bin, 'shared' adds dyn libs.

> libevent-2.0.19-stable (bufferevents enabled)
> Also I compiled with miniupnpc-1.7 and libnatpmp-20110808 support.
> I think the Tor binary is too big 5.3MB which is due to libcrypto.a being
> 4.4MB (stripped).

Tor here is 3487400 bytes, stripped.

> Would you happen to know which ciphers I can drop from OpenSSL? (so I can
> shrink it a bit).

It's in the torspec docs somewhere. Probably just rsa, dh, aes and x509, basics.
Or try debug in openssl.conf.

