[Help-gnutls] Re: GnuTLS vs OpenSSL vs NSS
simon at josefsson.org
Thu May 3 17:36:53 CEST 2007
Daniel Stenberg <daniel at haxx.se> writes:
> On Thu, 3 May 2007, Simon Josefsson wrote:
>> I've created some tables with a comparison between common TLS
>> implementations. I'm running short of ideas on things to compare.
>> Any ideas or suggestions? The URL is:
>> What do you think?
> I love it! The fact that libcurl supports all three of these also
> makes it a great comparison table for me to point out to libcurl
Btw, I intend to send the link to the OpenSSL/NSS communities, so they
can correct any errors and suggest other things to compare too.
> A few ideas:
> - Make the Yes/No boxes use different colors (perhaps green/red) to make it
> easier to detect the differences when browsing casually.
> - The multi-threaded situation. With NSS they say no mutex callbacks are
> necessary, with GnuTLS you need to set them in an _underlying_ crypto
> library while in OpenSSL you use the OpenSSL API to set them.
> - The random seed situation. I don't know about the NSS in this aspect, but
> again with GnuTLS you need to set them in an _underlying_ crypto library
> while in OpenSSL you use the OpenSSL API.
Added, under a new "Portability concerns" table. It got a bit verbose,
> These two latter points are stuff I've planned to discuss with you to
> fix in a future GnuTLS but I've not yet had the time.
Fixing them would indeed be useful. I'm not happy with how libgcrypt
creates additional thread-safety concerns for GnuTLS applications, but
fixing it is non-trivial and nobody has offered to work on it or sponsor
I expect the random seed API problem will be resolved soon; I noticed
some patches went into libgcrypt for this recently.