I remember this topic being discussed some time ago, but software is fluid and maybe it's time to respin the topic. It would seem a worthwhile goal to unify SSL/TLS implementations like we did for spell checkers. Or, if it turns out to be too hard, at least it would be nice to their pki files. We're now shipping no less than 4 different implementations of SSL: - openssl (OpenBSD's implementation) - nss (Netscape's implementation) - gnutls (LGPL implementation) - puretls (Java implementation) But which one should replace the others? It is not clear to me. Judging from dependencies, OpenSSL, NSS and gnutls all seem equally popular in Fedora. If we are to believe a non-independent comparison, gnutls looks like the best choice: http://www.gnu.org/software/gnutls/comparison.html I couldn't find good benchmarks around, but they would make an important decision factor. There are two good reasons not to choose OpenSSL: the license is GPL incompatible and the ABI gets broken by upstream very frequently. Strangely enough, OpenSSL in F8 is linked against nss instead of openssl. Thoughts? -- \___/ |___| Bernardo Innocenti - http://www.codewiz.org/ \___\ One Laptop Per Child - http://www.laptop.org/ -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
