On Sat, Mar 25, 2017 at 10:52:47PM +0100, Ævar Arnfjörð Bjarmason wrote: > > If we want to consider performance-related concerns, I think the easier > > solution is using Nettle, which is LGPL 2.1. Considering that the > > current opinions for a new hash function are moving in the direction of > > SHA-3, which Nettle has, but OpenSSL does not, I think that might be a > > better decision overall. It was certainly the implementation I would > > use if I were to implement it. > > Yeah there's a lot of options open for just sha1-ing, but we also use > OpenSSL for TLS via imap-send. These days imap-send has basically two implementations: one that speaks imap itself (optionally using openssl), and one that just uses curl's imap support. If you build with NO_OPENSSL, the curl implementation kicks in by default. So I think any distro worried about licensing can just "make NO_OPENSSL" today and get full functionality. Curl may use openssl behind the scenes, of course, but distros already have to deal with that (at least on Debian, you can drop-in gnutls). -Peff