On Thu, Mar 06, 2014 at 09:08:32 +0000, David Woodhouse wrote:
> This does raise the question of whether we should consider dropping
> GnuTLS 2.x support altogether. There's a bunch of evil in the
> certificate handling code - especially for the TPM - which could be
> dropped. And anyone using GnuTLS 2.x, unless they eschew DTLS
> completely, is going to have to link against OpenSSL *anyway*.
>
> The disadvantages are that existing GnuTLS 2.x users would lose PKCS#11
> support, and the licensing issue of using OpenSSL from within KDE's
> NetworkManager tool.
>
> Any idea how long you're going to need to support GnuTLS 2.x?

AIUI the remaining blocker is the licensing on GMP. There was a discussion about this a couple of months ago [1][2], and it sounded like once we have a GMP 5.2 release that is compatible with GPLv2+, we should be able to make GnuTLS 3 the default.

[1] https://lists.debian.org/debian-devel/2013/12/msg00329.html
[2] https://lists.debian.org/debian-devel/2014/01/msg00538.html

--
mike