From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 200223] security/tor: ship tor package linked against openssl from ports (faster ECDH support)
Date: Fri, 15 May 2015 17:28:03 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200223

    Bug ID:    200223
    Summary:   security/tor: ship tor package linked against openssl from ports (faster ECDH support)
    Product:   Ports & Packages
    Version:   Latest
    Hardware:  Any
    OS:        Any
    Status:    New
    Severity:  Affects Some People
    Priority:  ---
    Component: Individual Port(s)
    Assignee:  bf@FreeBSD.org
    Reporter:  nusenu@openmailbox.org
    Flags:     maintainer-feedback?(bf@FreeBSD.org)

security/tor package currently does not depend on openssl from ports but uses openssl provided by base.

openssl in base comes without enable-ec_nistp_64_gcc_128 support, tor will show the following line in the logs (if tor has been installed via 'pkg install tor'):

[notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.

Installing openssl from packages/ports + recompiling tor solves this.

What do you think about making tor depend on the openssl package (not the one in base) and ship the tor package which is linked against the openssl package to solve this also in the package out of the box?

I saw it was actually you (the security/tor maintainer) who enabled enable-ec_nistp_64_gcc_128 in the first place:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=175663

(Is there a particular reason why this feature is off in base by default?)

thanks!
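
Added example (not part of the original bug report, nor code from the tor or FreeBSD projects): a shell check for the condition the report describes, telling from `ldd` output whether tor's libcrypto comes from base or from ports and whether tor logged the notice quoted above. The function names, sample `ldd` output and log lines are constructed, and the default ports prefix /usr/local is assumed.

```shell
#!/bin/sh
# Added example: inputs below are constructed, not captured from a real host.

# Read `ldd` output on stdin; print where libcrypto resolves from.
# Assumes the default FreeBSD layout: base libs in /lib or /usr/lib,
# ports/packages libs under /usr/local/lib.
libcrypto_origin() {
    awk '
        $1 ~ /^libcrypto\.so/ && $2 == "=>" {
            if ($3 ~ /^\/usr\/local\/lib\//) { origin = "ports" }
            else if ($3 ~ /^\/(usr\/)?lib\//) { origin = "base" }
        }
        END { if (origin == "") origin = "unknown"; print origin }
    '
}

# Read a tor log on stdin; succeed if tor logged the notice quoted in the report.
lacks_nistp_accel() {
    grep -q 'lacks accelerated support for the NIST P-224 and P-256 groups'
}

# $1 = ldd output for the tor binary, $2 = tor log text.
tor_ecdh_report() {
    origin=$(printf '%s\n' "$1" | libcrypto_origin)
    if printf '%s\n' "$2" | lacks_nistp_accel; then
        echo "slow-ecdh libcrypto=$origin"
    else
        echo "ok libcrypto=$origin"
    fi
}

# Constructed samples (library version numbers and timestamps are made up).
SAMPLE_LDD_BASE='/usr/local/bin/tor:
	libcrypto.so.7 => /lib/libcrypto.so.7 (0x800c00000)
	libc.so.7 => /lib/libc.so.7 (0x801200000)'
SAMPLE_LDD_PORTS='/usr/local/bin/tor:
	libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800c00000)
	libc.so.7 => /lib/libc.so.7 (0x801200000)'
SAMPLE_LOG_NOTICE='May 15 17:00:00.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups.'
SAMPLE_LOG_CLEAN='May 15 17:00:00.000 [notice] Bootstrapped 100%: Done'

tor_ecdh_report "$SAMPLE_LDD_BASE" "$SAMPLE_LOG_NOTICE"
tor_ecdh_report "$SAMPLE_LDD_PORTS" "$SAMPLE_LOG_CLEAN"
```

On a real host, pass the output of `ldd` on the installed tor binary and the contents of tor's notice log in place of the samples.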