[gnutls-dev] GnuTLS vs OpenSSL vs NSS
simon at josefsson.org
Sun May 27 00:09:00 CEST 2007
rrelyea at redhat.com writes:
> Simon Josefsson-2 wrote:
>> I've created some tables with a comparison between common TLS
>> implementations. I'm running short of ideas on things to compare. Any
>> ideas or suggestions? The URL is:
>> What do you think?
>> Also, if you notice any mistakes, or know for sure the status on some I
>> put down as 'No?', please let me know and I'll fix it.
> Hi simon,
> I have a few updates for you:
Hi! Many thanks. I have intended to send links to the OpenSSL/NSS
teams, but I haven't felt finished enough with the page to do so yet. I
am happy to incorporate your suggestions now.
> Under portability concerns, NSS should read:
> NSS Platform requirements - NSPR* Network requirements - NSPR* thread
> safety- NSPR* (uses native platform threads when available, provides
> thread implementation if f necessary) Random Seed - set through native
> OS API, extra entropy grab from installed PKCS #11 modules,
> application can also add entropy on the fly
Added most of it, but I don't understand the last part -- how is the
random seed set through a 'native OS API'? Does this refer to some NSPR
API? Or what OS APIs do you mean? I'm not aware of any standard APIs
for setting random seeds.
> *NSPR(and NSS) has(have) been ported to the following platforms (that
> I know about): AIX, BSD, BeOS, HP-UX, IRIX, Linux, Mac OS X, Mac OS 9,
> OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony playstation.
> Under Developement:
> remove PR_ * from namespace in the NSS page. PR_ is part of the NSPR
> namespace... crypto library... change NSS from included, monolithic
> to included, PKCS #11 based*
> *On the fly replaceable/augmentable.
> It would be good to add a column on certificate management/storage and
> PKCS #11/token support.
> There's also a missing table to include things like OCSP and CRL
> processing support.
Good ideas, I've added this on the todo list at the bottom of the page.
> Finally, Under Protocol support, the NSS column for SSL2 should say (yes, off by default)
>> Help-gnutls mailing list
>> Help-gnutls at gnu.org
> Quoted from:
More information about the Gnutls-devel