Opened 4 years ago

Last modified 6 weeks ago

#13977 new task

Evaluate alternate SSL/TLS libraries: CyaSSL, GnuTLS, ...

Reported by: teor
Owned by:
Priority: Medium
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version: Tor: unspecified
Severity: Normal
Keywords: lorax tor-client portability ssl openssl
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Is tor able to compile and run against these libraries?
Should we support/recommend them?

Change History (12)

comment:1 Changed 4 years ago by teor

See also:
#13815 for a BoringSSL port
#13415 for LibreSSL
#13817 for (SSL fork) library detection

comment:2 Changed 4 years ago by teor

Yawning notes that the CyaSSL/GnuTLS GPL and Tor license are incompatible.
But perhaps PolarSSL is an option.

Last edited 4 years ago by teor

comment:3 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-final

Actually, the Tor license should be GPL compatible, since it doesn't include an advertising clause. OpenSSL is GPL-incompatible, but we don't have the same problem it does.

comment:4 Changed 4 years ago by nickm

Status: new → assigned

comment:5 Changed 4 years ago by nickm

Milestone: Tor: 0.2.7.x-final → Tor: 0.2.8.x-final

comment:6 Changed 3 years ago by nickm

Milestone: Tor: 0.2.8.x-final → Tor: 0.2.???

Move a few tickets out of 0.2.8. I would take a good patch for most of these if somebody writes one. (If you do, please make the ticket needs_review and move it back into maint-0.2.8 milestone. :) )

comment:7 Changed 2 years ago by teor

Milestone: Tor: 0.2.??? → Tor: 0.3.???

Milestone renamed

comment:8 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.??? → Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:9 Changed 21 months ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:10 Changed 21 months ago by nickm

Status: assigned → new

Change the status of all assigned/accepted Tor tickets with owner="" to "new".

comment:11 Changed 21 months ago by nickm

Keywords: tor-client portability ssl openssl added
Severity: Normal

comment:12 Changed 6 weeks ago by cypherpunks3

GnuTLS might be helpful for anti-censorship use, despite their incompatible licenses.

I live in China and patched my own Tor with GnuTLS (using their gnutls_record_send_range to do extra padding), which works smoothly with vanilla bridges. Never seen GFW active probing on my bridge.
