NSS vs OpenSSL

Rob Townley rob.townley at gmail.com
Mon Oct 5 23:54:22 CEST 2009


On Mon, Oct 5, 2009 at 4:24 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> On Mon, Oct 05, 2009 at 04:08:43PM -0500, Rob Townley wrote:
>
>> On Mon, Oct 5, 2009 at 3:47 PM, Guus Sliepen <guus at tinc-vpn.org> wrote:
>> > Perhaps mod_nss conflicts with mod_ssl, but I cannot believe it would conflict
>> > with the OpenSSL libraries themselves.
>>
>> Maybe it was more of a yum / rpm packaging dependency problem than
>> strict library incompatibility problem.  i haven't found where i read
>> the exact problem i was thinking of.  Regardless, the movement is away
>> from openssl to nss.
>>
>> A fc developer Tomas Mraz says that OpenSSL needs redesign and another
>> even goes as far as to say that even the OpenSSL developers want
>> everyone to use nss instead.
>> http://www.linux-archive.org/fedora-development/227882-heads-up-openssl-0-9-8j-rawhide.html
>
> OpenSSL is hardly the first library to introduce some ABI incompatibilities
> when releasing a new version, this is not cause for a redesign in my opinion.
> James Antill's reply looks like a sarcastic remark to me. Unless you can point
> me to more official postings, I believe these are just the opinions of a few
> individual Fedora developers, and OpenSSL isn't going anywhere anytime soon.
> (According to apt, Debian has 604 packages depending on OpenSSL and only 40
> depending on NSS.)
>
> In the unlikely event that it does, tinc's 1.1 branch can use different
> cryptography libraries, it's not tied to OpenSSL like 1.0.
>
> --
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at tinc-vpn.org>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAkrKY/gACgkQAxLow12M2nvUMACgg鎻膳⟖퍜丞톏䕻�
> rIkAoJB6oUBkoYmMIypplb8iL0ZHsLuj
> =52xh
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>

Thank You Guus.  i am hoping to set up a tinc network soon with some
clients running Fedora and CentOS, so wanted to know what problems may
arise.


More information about the tinc mailing list