TLS Libraries

Eion Robb eion at robbmob.com
Sat Jun 20 17:54:17 EDT 2015


There was a bit of discussion last year about this
https://pidgin.im/pipermail/devel/2014-September/023530.html

I can't remember what conclusion we got to though. Keeping the ssl
pluginable is definitely an advantage. I'm not a fan of putting all the
security eggs in one basket :)
On 21/06/2015 7:16 am, "Michael McConville" <mmcconville at mykolab.com> wrote:

> On Sat, Jun 20, 2015 at 03:01:45PM -0400, Michael McConville wrote:
> > Currently, GnuTLS is our default TLS library and NSS is used if GnuTLS
> > is unavailable or if ./configure is given the --enable-nss flag.
> >
> > Choosing one would simplify the configure script a lot and allow us to
> > drop a good deal of preproc conditions and associated code. It'd also
> > help reduce the amount of security-critical code. As always, though,
> > there could be OS support problems.
> >
> > There's a ticket about this:
> >
> >       https://developer.pidgin.im/ticket/16222
> >
> > The Yahoo/GnuTLS issue mentioned there has since been fixed.
> >
> > I've seen a few strange GnuTLS compatibility problems in the past, so my
> > tentative and largely uninformed preference is NSS.
> >
> > Thoughts? Potential issues?
>
> I don't know how relevant this is, but Weechat is an example of a
> multi-protocol (with plugins) chat application that relies on a single
> TLS library (GnuTLS).
>
> _______________________________________________
> Devel mailing list
> Devel at pidgin.im
> https://pidgin.im/cgi-bin/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pidgin.im/pipermail/devel/attachments/20150621/0adb5210/attachment.html>


More information about the Devel mailing list