Let's drop support for NSS!

David Woodhouse dwmw2 at infradead.org
Sat Sep 13 05:21:49 EDT 2014

> 2014-09-13 1:13 GMT+02:00 Mark Doliner <mark at kingant.net>:
>> The biggest problem I see with dropping NSS is that we currently use
>> it in our Windows builds. But GnuTLS publishes Windows builds [3].
>> Even if we can't use their Windows builds, seems promising that it's
>> at least buildable on Windows. I haven't actually tried, though.
>> So, what do people think? Any objections? Are people ok with me
>> ripping out NSS without having a solution for building on Windows?
>> Would anyone else be able to tackle that?
> Current main branch builds with both GnuTLS and NSS (at least, it should)
> -
> either with the "old" and the autoconf-based buildsystem.
> If there were any problems with dropping any of these libraries on
> Windows,
> I can handle that.

I don't think GnuTLS on Windows should pose many problems. We build the
OpenConnect VPN client on Windows using GnuTLS... and the person spending
most time on that port is the GnuTLS maintainer :)

I certainly wouldn't be sorry to see the back of the NSS/Lync compatibilty
issue and having to tell users to export
NSS_SSL_CBC_RANDOM_IV=0 to make it work.


More information about the Devel mailing list