I'm running a tor exit node and it works correctly, however: Nov 14 11:59:12.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster. See http://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options , maybe it's useful. $ rpm -qa | grep -E '^(tor|openssl)' openssl-devel-1.0.1e-40.fc20.x86_64 tor-0.2.4.25-1.fc20.x86_64 openssl-libs-1.0.1e-40.fc20.x86_64 tor-arm-1.4.5.0-6.fc20.noarch openssl-1.0.1e-40.fc20.x86_64 torsocks-1.3-2.fc20.x86_64 openssl-libs-1.0.1e-40.fc20.i686
We do not support NIST P-224 at all due to legal reasons.
"Legal" as in certification issues, not swpats this time?
Is the legal reason for not supporting NIST P-224 still in effect ? If so is it specifically to do with NIST P-224 or to do with the code path enabled by compiling with enable-ec_nistp_64_gcc_128 ? Regardless debian, ubuntu and a fair amount of other distributions compile with enable-ec_nistp_64_gcc_128 on at least amd64 by default. According to Adam Langley - > Bodo Moeller (from the OpenSSL core team, bodo AT openssl DOT org) had this to say when I asked him about this: > "The main (or maybe only) reason this is not enabled automatically is that the >OpenSSL configure script is not clever enough to detect whether the compiler >supports __uint128_t. If you can use this code, it is superior to the default in > multiple regards (speed, and also security as the new implementations are secure against timing attacks)." (https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1018522)
While enabling P-224 is not really a good idea (it's weak and generally unused on the Internet). I don't see why we shouldn't be enabling faster implementation for P-256 and P-521.
openssl-1.0.2e-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update openssl' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-605de37b7f
openssl-1.0.2e-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.