[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

On Sun, Jul 13, 2014 at 12:22:49PM +0200, Jeroen Dekkers wrote:

> > > I think GnuTLS is actually a better alternative and wish there
> > > were more people developing and using it.
> >  * GnuTLS, with an API incompatible with OpenSSL, thus requiring huge
> >    amounts of work to make significant use of it.
> It depends on how you look at it. If you see the OpenSSL API as
> something that isn't really well designed then other libraries not
> copying the API is actually a good thing.

The problem is that OpenSSL is much more than just an implementation of
SSL/TLS. It is also provides a very extensive set of low-level
cryptographic functions. There are many programs that use OpenSSL for
the latter, not for the SSL/TLS layer. You just cannot drop in GnuTLS,
MatrixSSL or PolarSSL for those.

Some of the alternatives to OpenSSL come with the essential
cryptographic primitves to support SSL/TLS built-in, others rely on
external libraries to do that. For example, GnuTLS currently depends on Nettle.

Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus@debian.org>

Attachment: signature.asc
Description: Digital signature

Reply to: