TLS Libraries

Michael McConville mmcconville at
Sat Jun 20 15:01:45 EDT 2015

Currently, GnuTLS is our default TLS library and NSS is used if GnuTLS
is unavailable or if ./configure is given the --enable-nss flag.

Choosing one would simplify the configure script a lot and allow us to
drop a good deal of preproc conditions and associated code. It'd also
help reduce the amount of security-critical code. As always, though,
there could be OS support problems.

There's a ticket about this:

The Yahoo/GnuTLS issue mentioned there has since been fixed.

I've seen a few strange GnuTLS compatibility problems in the past, so my
tentative and largely uninformed preference is NSS.

Thoughts? Potential issues?
