Running the Tor daemon and looking at /var/log/tor/tor.log one can see the following notice: "We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster." The OpenSSL Wiki at: http://wiki.openssl.org/index.php/Compilation_and_Installation says about that option: "Use on x64 platforms when GCC supports __uint128_t. ECDH is about 2 to 4 times faster. Not enabled by default because Configure can't determine it." I successfully rebuilt the OpenSSL packages with that option enabled on an up-to-date Cauldron x86_64 host, so gcc seems to have what is needed. Maybe it would make sense to add that option when building the OpenSSL packages in the distribution. I simply added enable-ec_nistp_64_gcc_128 on the configure line in openssl.spec but it may need a test on the architecture.
Hardware: i586 => x86_64
Keywords: (none) => TriagedCC: (none) => fundawang, guillomovitch, luigiwalser
According to the openssl-package changelog (rpm -q --changelog openssl|head), the enable-ec_nistp_64_gcc_128 option was enabled in package release 1.0.1h-2.mga5, built on June 26. I want to mention I have not noticed any OpenSSL problem since then on a x86_64 cauldron. If there has been no negative feedback on any platform, would it make sense to close this bug?
Indeed, Guillaume did fix this. Thanks for the reminder.
Status: NEW => RESOLVEDResolution: (none) => FIXED