[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-devel] minimum cipher in openssl ?

  • Subject: Re: [Openvpn-devel] minimum cipher in openssl ?
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Mon, 13 Sep 2004 13:07:01 -0600 (MDT)

On Sun, 12 Sep 2004, gary wrote:

> Hi,
> I want to run openvpn on WRT54G but the crypto library of openssl is
> extremely large for the device. I understand that I can trim away some
> ciphers but would like to know what minimum ciphers I have to include. I
> want to include only 3 symmetric cipher (blowfish, des and aes) and sha1
> for key stuff. What else is needed for a basic functional openvpn with
> TLS support ? No key generation function etc.(like the dh thing) is
> needed as that I can do on some other hosting machine(I assume).

This issue seems to be coming up more and more these days.

One could:

(1) Try to build a minimal OpenSSL.  The problem here is that OpenVPN uses
a lot of the OpenSSL API set.  So figuring out what can be safely cut out
is a problem.  Certainly you could try removing unneeded ciphers and
message digests, but that might not make a huge dent in the code size.

(2) Try to port OpenVPN to an alternate crypto library such as MatrixSSL.


Openvpn-devel mailing list