On Monday 22 October 2007 08:17:01 Bernardo Innocenti wrote:
> It would seem a worthwhile goal to unify SSL/TLS
> implementations like we did for spell checkers.

Yes, we agree.

> We're now shipping no less than 4 different implementations
> of SSL:
>
> - openssl (OpenBSD's implementation)
> - nss (Netscape's implementation)
> - gnutls (LGPL implementation)
> - puretls (Java implementation)

There's actually more crypto than that.

> But which one should replace the others?

Please see an email I sent back in August on this topic.

https://www.redhat.com/archives/fedora-devel-list/2007-August/msg01594.html

I outline the reasons for the choice of NSS.

> It is not clear to me. Judging from dependencies, OpenSSL,
> NSS and gnutls all seem equally popular in Fedora.

Yep.

> If we are to believe a non-independent comparison, gnutls
> looks like the best choice

But you are ignoring the fact that gnutls has never been through a FIPS-140-2 certification and they are very expensive. These certifications find many bugs that would otherwise go unnoticed as well and require certain control interfaces be developed.

-Steve