Michael Cronenworth writes:
Kevin Kofler wrote:I'd suggest using NSS instead of OpenSSL: * friendlier licensing (GPL-compatible!), * has some security certifications OpenSSL doesn't have, * most likely doesn't have this issue either. That said, unfortunately, porting existing OpenSSL code to use NSS instead is not trivialI did take a look at NSS, but after looking at NSPR, which I would have to use, I decided my time was best spent elsewhere.If you could point me to a nice example of NSS in use of a client/server SSL TCP socket I may change my mind, but I'm satisfied with OpenSSL at the time being.
Another alternative is GnuTLS. I find GnuTLS's API to be very clean, organized, and consistent; while OpenSSL always left me with an impression of being somewhat sloppy and disorganized.
Description: PGP signature