[tor-dev] How bad is not having 'enable-ec_nistp_64_gcc_128' really? (OpenBSD)

Yawning Angel yawning at schwanenlied.me
Mon Jun 22 18:10:00 UTC 2015

On Mon, 22 Jun 2015 18:36:19 +0200
nusenu <nusenu at openmailbox.org> wrote:

> Hash: SHA512
> Hi,
> since enable-ec_nistp_64_gcc_128 is
> disabled by default on OpenBSD due to compiler bugs [1]
> I wanted to ask how bad is it (in relay context) to ignore the usual
> tor log entry:
> > We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, 
> > but with a version of OpenSSL that apparently lacks accelerated 
> > support for the NIST P-224 and P-256 groups. Building openssl with 
> > such support (using the enable-ec_nistp_64_gcc_128 option when 
> > configuring it) would make ECDH much faster.
> Tor's changelog "highly recommends" it [2].
> Can this be "translated" to something like
> "the relay's bandwidth usage and usefulness will be reduced"
> "latency will be higher"
> "security will be degraded due to fallback to DH-1024"
> ?

It's exactly what it says on the tin.  Your relay will burn more CPU
doing ECDHE as part of TLS, but it will have no security impact unless
there is a bug in the non-optimized ECDH code.

"TLS connections will take longer to be established, because the key
 exchange takes longer, but once connected there is no further impact".

Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150622/9e4b773a/attachment.sig>

More information about the tor-dev mailing list