Could we eliminate or unrestrict our SSL_CTX_set1_groups_list() usage in Tor with OpenSSL?

While working on enabling the PQC ML-KEM with the OpenSSL 3.5 beta1 release, I had to disable our calls to SSL_CTX_set1_groups_list() in the tor_tls_context_new() function found in tortls_openssl.c.

We currently have some logic around the TOR_TLS_CTX_USE_ECDHE_P256 and TOR_TLS_CTX_USE_ECDHE_P224 flags, but both of these flags are unused in the codebase. We always end up setting list = "P-256:P-224", and because of that, clients and servers won't get ML-KEM enabled by default if their OpenSSL supports it.

Could we loosen this restricted set of groups we pass to SSL_CTX_set1_groups_list() and maybe even go with the defaults found in the system's OpenSSL?

The patch I have to enable ML-KEM with OpenSSL 3.5 and Tor can be found in ahf/tor@ebf16454
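
The effect described in this issue, as an added example that is not Tor's or OpenSSL's code: a simplified model of TLS group selection in which a group is only negotiable when both peers list it. The function names, the `PQ_AWARE` list and the server-order tie-break are assumptions made for the illustration; only "P-256:P-224" comes from the issue.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption, not OpenSSL's selection logic): the first
 * group in the server's colon-separated list that the client also lists wins. */

/* Return 1 if name[0..len) is an element of the colon-separated list. */
static int list_has(const char *list, const char *name, size_t len) {
  const char *p = list;
  while (*p) {
    size_t n = strcspn(p, ":");
    if (n == len && strncmp(p, name, len) == 0) return 1;
    p += n;
    if (*p == ':') p++;
  }
  return 0;
}

/* Copy the selected group into out; return 1 on success, 0 if no overlap. */
int negotiate_group(const char *server, const char *client,
                    char *out, size_t outlen) {
  const char *p = server;
  while (*p) {
    size_t n = strcspn(p, ":");
    if (n > 0 && n < outlen && list_has(client, p, n)) {
      memcpy(out, p, n);
      out[n] = '\0';
      return 1;
    }
    p += n;
    if (*p == ':') p++;
  }
  if (outlen) out[0] = '\0';
  return 0;
}

#define TOR_PINNED "P-256:P-224"               /* list quoted in the issue */
#define PQ_AWARE "X25519MLKEM768:X25519:P-256" /* constructed sample list */

int main(void) {
  char g[32];
  negotiate_group(PQ_AWARE, PQ_AWARE, g, sizeof g);
  printf("both unrestricted: %s\n", g);
  negotiate_group(TOR_PINNED, PQ_AWARE, g, sizeof g);
  printf("server pinned:     %s\n", g);
  negotiate_group(PQ_AWARE, TOR_PINNED, g, sizeof g);
  printf("client pinned:     %s\n", g);
  return 0;
}
```

Pinning the list on either side is enough to rule out the hybrid group, whatever the peer's OpenSSL supports.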
