# [solved] How do I build opensl with NIST P-224 and P-256 ?

## toralf

read this in the tor log :

```
Jan 01 15:13:18.000 [notice] We were built to run on a 64-bit CPU, with OpenSSL 1.0.1 or later, but with a version of OpenSSL that apparently lacks accelerated support for the NIST P-224 and P-256 groups. Building openssl with such support (using the enable-ec_nistp_64_gcc_128 option when configuring it) would make ECDH much faster.

```

Last edited by toralf on Fri Jan 02, 2015 7:08 pm; edited 1 time in total

----------

## khayyam

toralf ... you could try using package.env (untested)

/etc/portage/env/openssl.conf

```
EXTRA_ECONF="enable-ec_nistp_64_gcc_128"
```

/etc/portage/package.env

```
dev-libs/openssl openssl.conf
```

HTH & best ... khay

----------

## toralf

Hhm, won't work :

```
$> grep nist /etc/portage/package.env 

dev-libs/openssl  test ssl_nist

$> cat /etc/portage/env/ssl_nist 

EXTRA_ECONF="enable-ec_nistp_64_gcc_128"

$> zgrep nistp.64 *openssl* *openssl*2015*

dev-libs:openssl-1.0.1j:20150102-135319.log.gz:    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)

```

 :Sad: 

----------

## khayyam

toralf ...

ok, bug 469976 seems to provide the rational of why its disabled. The specific section {dis,en}abling this is line 128 of the ebuild so its easily copied to a local overlay and uncommented.

best ... khay

----------

## toralf

 *khayyam wrote:*   

> toralf ...
> 
> ok, bug 469976 seems to provide the rational of why its disabled. The specific section {dis,en}abling this is line 128 of the ebuild so its easily copied to a local overlay and uncommented.
> 
> best ... khay

 ick - thx kay for pointing me to that bug, wasn't aware of it.

Well, I'll not test this at my tor relay - so I'll live w/o NIST algos.

----------

