Why GNUSSL?

[Mak Sim]

Hello!

Yaroslav, could you please tell us a little about why did you choose GNUSSL?

Both GNUSSL ("developers are too naive and inexperienced") and OpenSSL ("written by monkeys") are known to be weak pieces of software. Do you think GNUSSL is the lesser of evils or it just has a better lisence compatibility for nxweb project?

Do you consider any alternatives for the future, say LibleSSL?

[Mak Sim]

I mean LibreSSL.

[Yaroslav]

I am not specialist in SSL, so I was choosing from most popular libraries. I found GNUSSL well documented for my (async) needs, so I've chosen it, and had no regrets so far.

Cryptography is the place where everybody is looking for weaknesses therefore the more popular library is the more weaknesses are found. Which is good by the way as all of them get fixed. So I would not reject GNUTLS just for that.

Attaching different SSL library should not be hard if it does support async model. All GNUTLS related stuff is isolated in single nxd_ssl_socket.c file.

--
You received this message because you are subscribed to the Google Groups "nxweb" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nxweb+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.