Let's drop support for NSS!

Thijs Alkemade thijsalkemade at gmail.com
Sat Sep 13 05:52:35 EDT 2014


On 13 sep. 2014, at 11:21, David Woodhouse <dwmw2 at infradead.org> wrote:

> 
>> 2014-09-13 1:13 GMT+02:00 Mark Doliner <mark at kingant.net>:
>> 
>>> The biggest problem I see with dropping NSS is that we currently use
>>> it in our Windows builds. But GnuTLS publishes Windows builds [3].
>>> Even if we can't use their Windows builds, seems promising that it's
>>> at least buildable on Windows. I haven't actually tried, though.
>>> 
>>> So, what do people think? Any objections? Are people ok with me
>>> ripping out NSS without having a solution for building on Windows?
>>> Would anyone else be able to tackle that?
>>> 
>> 
>> Current main branch builds with both GnuTLS and NSS (at least, it should) -
>> either with the "old" and the autoconf-based buildsystem.
>> 
>> If there were any problems with dropping any of these libraries on
>> Windows, I can handle that.
> 
> I don't think GnuTLS on Windows should pose many problems. We build the
> OpenConnect VPN client on Windows using GnuTLS... and the person spending
> most time on that port is the GnuTLS maintainer :)
> 
> I certainly wouldn't be sorry to see the back of the NSS/Lync compatibility
> issue and having to tell users to export
> NSS_SSL_CBC_RANDOM_IV=0 to make it work.

Picking a TLS implementation based on the security fixes it lacks doesn’t
sound like the greatest idea to me.

Thijs