[gnutls-dev] GnuTLS vs OpenSSL vs NSS

Simon Josefsson simon at josefsson.org
Thu Jun 28 11:48:55 CEST 2007


Thanks for the additional information, I updated the page again.

(Although for some reason the gnu.org web pages aren't updated, but the
change is available from http://josefsson.org/gnutls/comparison.html
meanwhile.)

/Simon

Robert Relyea <rrelyea at redhat.com> writes:

> Sigh trying to keep up with email.
>
>
> thanks simon for updating the table..
>
> Simon Josefsson wrote:
>> rrelyea at redhat.com writes:
>>
>>   
>>> Under portability concerns, NSS should read:
>>>
>>> NSS Platform requirements - NSPR* Network requirements - NSPR* thread
>>> safety- NSPR* (uses native platform threads when available, provides
>>> thread implementation if f necessary) Random Seed - set through native
>>> OS API, extra entropy grab from installed PKCS #11 modules,
>>> application can also add entropy on the fly
>>>     
>>
>> Added most of it, but I don't understand the last part -- how is the
>> random seed set through a 'native OS API'?  Does this refer to some NSPR
>> API?  Or what OS APIs do you mean?  I'm not aware of any standard APIs
>> for setting random seeds.
>>   
> There isn't a standard API. For Unix/Linux it uses /dev/urandom if
> available, for Windows it uses CAPI. For all platforms it gets data
> from clock, and tries to open system files. NSS has a set of platform
> dependent functions is uses to determine randomness. You are right,
> they probably should live in NSPR.
>
> bob




More information about the Gnutls-devel mailing list