[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Should we settle on one SSL implementation?
- From: "Peter Robinson" <pbrobinson gmail com>
- To: "Development discussions related to Fedora" <fedora-devel-list redhat com>
- Subject: Re: Should we settle on one SSL implementation?
- Date: Mon, 22 Oct 2007 14:49:14 +0100
> I remember this topic being discussed some time ago,
> but software is fluid and maybe it's time to respin
> the topic.
>
> It would seem a worthwhile goal to unify SSL/TLS
> implementations like we did for spell checkers.
> Or, if it turns out to be too hard, at least it would
> be nice to their pki files.
>
> We're now shipping no less than 4 different implementations
> of SSL:
>
> - openssl (OpenBSD's implementation)
> - nss (Netscape's implementation)
> - gnutls (LGPL implementation)
> - puretls (Java implementation)
>
> But which one should replace the others?
>
> It is not clear to me. Judging from dependencies, OpenSSL,
> NSS and gnutls all seem equally popular in Fedora.
>
> If we are to believe a non-independent comparison, gnutls
> looks like the best choice:
>
> http://www.gnu.org/software/gnutls/comparison.html
>
> I couldn't find good benchmarks around, but they would
> make an important decision factor.
>
> There are two good reasons not to choose OpenSSL: the
> license is GPL incompatible and the ABI gets broken by
> upstream very frequently. Strangely enough, OpenSSL in
> F8 is linked against nss instead of openssl.
>
> Thoughts?
There's discussions about this on the project wiki here
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
Not sure what the current status is though.
Peter
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]