why gnutls when we have openssl?

Werner Koch wk@gnupg.org
Thu Aug 23 20:38:01 2001


On Thu, 23 Aug 2001 19:12:21 +0200, Simon Josefsson said:


> There is also Mozilla's NSS which is a GPLd TLS implementation. Like
At the time Nikos started with GNUTLS NSS was not available and I have to confess that did not yet browsed the NSS code. Netscape is known for its good cmpatibility which they obviously reach by a relative simple implementation - well, that's from hearsay.
> OpenSSL it also has S/MIME and other stuff, and it's quite mature and
> bug free from what I've seen.
HAve you ever tried to hack on this ;-)
> I fear a incompatibility mess for TLS libraries in free software soon,
> we'll all be required to have three TLS libraries installed and each
TLS is well defined by an RFC and (used) Internet protocols are know for good interoperability. The problematic part is X.509 and all the different profiles - we can't do much about it except by supporting the most promising profiles.
> for Unix users until you can manage your CA's, private keys etc across
> applications. It's blasphemy here, but the integration of CAPI/CSP in
> Windows is just so nice, I wished we had something like that on Unix.
I won't promise anything, but eventually the GNU project will have something like this. GNUTLS is just a first step other stuff will come for sure. Actually I am preparing for a project which can be the base for it. Ciao, Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus