Opened 4 years ago
Last modified 3 months ago
#13977 new task
Evaluate alternate SSL/TLS libraries: CyaSSL, GnuTLS, ...
| Reported by: | teor | Owned by: | |
|---|---|---|---|
| Priority: | Medium | Milestone: | Tor: unspecified |
| Component: | Core Tor/Tor | Version: | Tor: unspecified |
| Severity: | Normal | Keywords: | lorax tor-client portability ssl openssl |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
Is tor able to compile and run against these libraries?
Should we support/recommend them?
Child Tickets
Change History (12)
comment:1 Changed 4 years ago by
comment:2 Changed 4 years ago by
Yawning notes that the CyaSSL/GnuTLS GPL and Tor license are incompatible.
But perhaps PolarSSL is an option.
comment:3 Changed 4 years ago by
| Milestone: | → Tor: 0.2.7.x-final |
|---|
Actually, the Tor license should be GPL compatible, since it doesn't include an advertising clause. OpenSSL is GPL-incompatible, but we don't have the same problem it does.
comment:4 Changed 4 years ago by
| Status: | new → assigned |
|---|
comment:5 Changed 4 years ago by
| Milestone: | Tor: 0.2.7.x-final → Tor: 0.2.8.x-final |
|---|
comment:6 Changed 4 years ago by
| Milestone: | Tor: 0.2.8.x-final → Tor: 0.2.??? |
|---|
Move a few tickets out of 0.2.8. I would take a good patch for most of these if somebody writes one. (If you do, please make the ticket needs_review and move it back into maint-0.2.8 milestone. :) )
comment:8 Changed 2 years ago by
| Keywords: | tor-03-unspecified-201612 added |
|---|---|
| Milestone: | Tor: 0.3.??? → Tor: unspecified |
Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.
comment:9 Changed 2 years ago by
| Keywords: | tor-03-unspecified-201612 removed |
|---|
Remove an old triaging keyword.
comment:10 Changed 2 years ago by
| Status: | assigned → new |
|---|
Change the status of all assigned/accepted Tor tickets with owner="" to "new".
comment:11 Changed 23 months ago by
| Keywords: | tor-client portability ssl openssl added |
|---|---|
| Severity: | → Normal |
comment:12 Changed 3 months ago by
GnuTLS might be helpful for anti-censorship use, despite their incompatible licenses.
I live in China and patched my own Tor with GnuTLS (using their gnutls_record_send_range to do extra padding), which works smoothly with vanilla bridges. Never seen GFW active probing on my bridge.
See also:
#13815 for a BoringSSL port
#13415 for LibreSSL
#13817 for (SSL fork) library detection