[Help-gnutls] Re: GnuTLS vs OpenSSL vs NSS

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Thu May 3 18:43:24 CEST 2007

Hash: SHA1

On Thu 2007-05-03 12:04:44 -0400, Simon Josefsson wrote:

> devel <dev001 at pas-world.com> writes:

>> Support to hardware accelerator and other devices.
> Adding it would be good.

I also think this would be worth including.  openSSL's "engine"
architecture and NSS's "security modules" provide some food for
thought.  I don't know GnuTLS well enough to know if there's a
comparable API for either of these, so i'd very much like to see them
compared by someone knowledgable.

As nice as those frameworks are for encouraging hardware crypto
(smartcard support, etc), i think they also provide yet another place
for security concerns to pop up.  So they're a mixed bag.

You might also want to clarify that this table is comparing *free* TLS
implementations, or else add some non-free implementations to the

Lastly, i'd be very excited if the headers of the various columns
could be links to the specifications of the features to which they
refer.  That could make this page an all-around reference point for
TLS functionality and specifications, which would be great.

Thanks for writing this up, Simon.  It's great.

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>


More information about the Gnutls-help mailing list