TLS Libraries

Michael McConville mmcconville at mykolab.com
Sat Jun 20 15:15:51 EDT 2015


On Sat, Jun 20, 2015 at 03:01:45PM -0400, Michael McConville wrote:
> Currently, GnuTLS is our default TLS library and NSS is used if GnuTLS
> is unavailable or if ./configure is given the --enable-nss flag.
> 
> Choosing one would simplify the configure script a lot and allow us to
> drop a good deal of preproc conditions and associated code. It'd also
> help reduce the amount of security-critical code. As always, though,
> there could be OS support problems.
> 
> There's a ticket about this:
> 
> 	https://developer.pidgin.im/ticket/16222
> 
> The Yahoo/GnuTLS issue mentioned there has since been fixed.
> 
> I've seen a few strange GnuTLS compatibility problems in the past, so my
> tentative and largely uninformed preference is NSS.
> 
> Thoughts? Potential issues?

I don't know how relevant this is, but WeeChat is an example of a
multi-protocol (with plugins) chat application that relies on a single
TLS library (GnuTLS).


