On Mon 2016-01-04 20:35:05 -0500, Bostjan Skufca wrote:
> Would it make sense to refactor (if it is not done yet) openssh to use
> generic API for communicating with any SSL implementation? Or is the
> general stance on this subject "the new SSL implementation should provide
> openssl-compatible API to be usable with openssh"?

OpenSSH doesn't use any of the "SSL" (or TLS) features of OpenSSL. It just uses it for its library of cryptoprimitives.

There have been several mentions of possibly swapping out crypto libraries in the past (a few in the last few months iirc), but it is currently not designed with such a platform-independent crypto-primitive API in mind.

Damien, you said you're uninterested in linking to a GPL library -- is OpenSSH policy the same for LGPL libraries as well? (i'm thinking of nettle, which is licensed LGPL-2.1+, and has a very nice API for cryptoprimitives)

--dkg