NSS vs OpenSSL

Guus Sliepen guus at tinc-vpn.org
Mon Oct 5 23:24:08 CEST 2009


On Mon, Oct 05, 2009 at 04:08:43PM -0500, Rob Townley wrote:

> On Mon, Oct 5, 2009 at 3:47 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> > Perhaps mod_nss conflicts with mod_ssl, but I cannot believe it would conflict
> > with the OpenSSL libraries themselves.
> 
> Maybe it was more of a yum / rpm packaging dependency problem than
> strict library incompatibility problem.  i haven't found where i read
> the exact problem i was thinking of.  Regardless, the movement is away
> from openssl to nss.
> 
> A fc developer Tomas Mraz says that OpenSSL needs redesign and another
> even goes as far as to say that even the OpenSSL developers want
> everyone to use nss instead.
> http://www.linux-archive.org/fedora-development/227882-heads-up-openssl-0-9-8j-rawhide.html

OpenSSL is hardly the first library to introduce some ABI incompatibilities
when releasing a new version, this is not cause for a redesign in my opinion.
James Antill's reply looks like a sarcastic remark to me. Unless you can point
me to more official postings, I believe these are just the opinions of a few
individual Fedora developers, and OpenSSL isn't going anywhere anytime soon.
(According to apt, Debian has 604 packages depending on OpenSSL and only 40
depending on NSS.)

In the unlikely event that it does, tinc's 1.1 branch can use different
cryptography libraries, it's not tied to OpenSSL like 1.0.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20091005/886b0582/attachment.pgp>


More information about the tinc mailing list