On Sun, 12 Sep 2004, gary wrote:

> Hi,
>
> I want to run openvpn on WRT54G but the crypto library of openssl is
> extremely large for the device. I understand that I can trim away some
> ciphers but would like to know what minimum ciphers I have to include. I
> want to include only 3 symmetric ciphers (blowfish, des and aes) and sha1
> for key stuff. What else is needed for a basic functional openvpn with
> TLS support? No key generation function etc. (like the dh thing) is
> needed as that I can do on some other hosting machine (I assume).

This issue seems to be coming up more and more these days.

One could:

(1) Try to build a minimal OpenSSL. The problem here is that OpenVPN uses
a lot of the OpenSSL API set. So figuring out what can be safely cut out
is a problem. Certainly you could try removing unneeded ciphers and
message digests, but that might not make a huge dent in the code size.

(2) Try to port OpenVPN to an alternate crypto library such as MatrixSSL.

James