From owner-freebsd-questions@FreeBSD.ORG Wed Nov 19 12:42:32 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5DB0E39A for ; Wed, 19 Nov 2014 12:42:32 +0000 (UTC) Received: from mail-vc0-x235.google.com (mail-vc0-x235.google.com [IPv6:2607:f8b0:400c:c03::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 289E4FFA for ; Wed, 19 Nov 2014 12:42:32 +0000 (UTC) Received: by mail-vc0-f181.google.com with SMTP id le20so219860vcb.26 for ; Wed, 19 Nov 2014 04:42:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=berentweb.com; s=google; h=date:from:to:subject:message-id:mime-version:content-type :content-transfer-encoding; bh=cQtzYfh/13jH19VVHsPJeJYvJ5UcapkCMFPPopypElU=; b=N87VGgVZyeo6uEAbZey99b+DBjdTDc6JVqbavdY6L1TvjcuIcrs1YiyFfU8+I+YUTU 7vU/iJb9rcJpPYg0PqGCb9Ujz3/Sz8Nzi8CqZmasq9OGkn5c+LXmP2B12YVmmlGZJmBv CsYyTxwwYQa2BGlUL5DJ5oTg1rv0RPavoQhwk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:mime-version :content-type:content-transfer-encoding; bh=cQtzYfh/13jH19VVHsPJeJYvJ5UcapkCMFPPopypElU=; b=LTs2/Le/gaeaPgTab1SFBYK2hr76ShQw4Q3oBtlpSHVCgRxh+wHLFOKjgbOoY95rvo GFx8ojyfwizLiWFMDpMBQp91UFLDNYb6cp4r1hxAOHAwlxYOGbC0dgIiJTVEtjpGfOtD xpKrX8aactj8cLBcEWWAcjjozbRVYaAAu9+qSUWs3DDgWzzjHZ1b/s+cHFxdEboHL429 X091uhhe1TQ+CM3Lexsr8aI3etS5jbckoJqFCYKIBvqL/hDlHStubKPOpfx/HYhjOF8M VQQC0B3xKb139tG6buEiodnT63odSme/o0okhs8oXzFWCEat6G5kkxJpMtkDOjGAeXPU Q7hg== X-Gm-Message-State: ALoCoQmVAav5ph2r9Pu3kGVczEh8br8Uduw7ewgzUQhJZH0ZnVyCcpCD5qAYOtej9ug6k9lMMrRW X-Received: by 10.52.165.65 with SMTP id yw1mr31079559vdb.23.1416400950898; Wed, 19 Nov 2014 04:42:30 -0800 (PST) Received: from rsbsd.rsb ([31.200.21.235]) by mx.google.com with ESMTPSA id c4sm292261vdj.4.2014.11.19.04.42.29 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Nov 2014 04:42:30 -0800 (PST) Date: Wed, 19 Nov 2014 14:42:30 +0200 From: Beeblebrox To: freebsd-questions@freebsd.org Subject: Enable elliptic curve NISTP in openssl from base Message-ID: <20141119144230.726806f7@rsbsd.rsb> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2014 12:42:32 -0000 My TOR log shows below for start up. I don't have security/openssl installe= d as I'm using that from base. Also that's not among the depends ports for = security/tor. "We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but wit= h a version of OpenSSL that apparently lacks accelerated support for the NI= ST P-224 and P-256 groups. Building openssl with such support (using the en= able-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much f= aster." I cannot find any extra setting in /etc/src.conf that would enable this. Th= e man page mentions EC, and I have generated SSL/EC keys as test which work= s. I don't know where to look from here. --=20 FreeBSD_amd64_11-Current_RadeonKMS