> I remember this topic being discussed some time ago, > but software is fluid and maybe it's time to respin > the topic. > > It would seem a worthwhile goal to unify SSL/TLS > implementations like we did for spell checkers. > Or, if it turns out to be too hard, at least it would > be nice to their pki files. > > We're now shipping no less than 4 different implementations > of SSL: > > - openssl (OpenBSD's implementation) > - nss (Netscape's implementation) > - gnutls (LGPL implementation) > - puretls (Java implementation) > > But which one should replace the others? > > It is not clear to me. Judging from dependencies, OpenSSL, > NSS and gnutls all seem equally popular in Fedora. > > If we are to believe a non-independent comparison, gnutls > looks like the best choice: > > http://www.gnu.org/software/gnutls/comparison.html > > I couldn't find good benchmarks around, but they would > make an important decision factor. > > There are two good reasons not to choose OpenSSL: the > license is GPL incompatible and the ABI gets broken by > upstream very frequently. Strangely enough, OpenSSL in > F8 is linked against nss instead of openssl. > > Thoughts? There's discussions about this on the project wiki here http://fedoraproject.org/wiki/FedoraCryptoConsolidation Not sure what the current status is though. Peter -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
