NSS vs OpenSSL

Rob Townley rob.townley at gmail.com
Mon Oct 5 23:08:43 CEST 2009


On Mon, Oct 5, 2009 at 3:47 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Mon, Oct 05, 2009 at 03:22:09PM -0500, Rob Townley wrote:
>
>> Since Fedora is pushing NSS SSL instead of OpenSSL, has someone tested
>> tinc-vpn against NSS?  As I recall, a single machine cannot have
>> OpenSSL and mod_nss installed at the same time anymore.  So if you
>> have apache running, you _may_ have problems running tinc?  The nss
>> api is supposed to be mostly similar to the openssl api, but there are some
>> things openssl supports and some things nss supports.
>
> Perhaps mod_nss conflicts with mod_ssl, but I cannot believe it would conflict
> with the OpenSSL libraries themselves.
>
> --
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at tinc-vpn.org>

Maybe it was more of a yum / rpm packaging dependency problem than a
strict library incompatibility problem.  I haven't found where I read
the exact problem I was thinking of.  Regardless, the movement is away
from openssl to nss.

An FC developer, Tomas Mraz, says that OpenSSL needs a redesign, and another
even goes as far as to say that even the OpenSSL developers want
everyone to use nss instead.
http://www.linux-archive.org/fedora-development/227882-heads-up-openssl-0-9-8j-rawhide.html

Red Hat's OpenSSH moved to nss / fipscheck.  fips = Federal Info
Processing Standard.

Here is a problem with OpenSwan on upgrade from fc10 to FC11:
http://forums.fedoraforum.org/showthread.php?t=224391

