why gnutls when we have openssl?

Werner Koch wk at gnupg.org
Thu Aug 23 20:38:01 CEST 2001

On Thu, 23 Aug 2001 19:12:21 +0200, Simon Josefsson said:

> There is also Mozilla's NSS which is a GPLd TLS implementation.  Like

At the time Nikos started with GNUTLS NSS was not available and I have
to confess that did not yet browsed the NSS code.  Netscape is known
for its good cmpatibility which they obviously reach by a relative
simple implementation - well, that's from hearsay.

> OpenSSL it also has S/MIME and other stuff, and it's quite mature and
> bug free from what I've seen.

HAve you ever tried to hack on this ;-)

> I fear a incompatibility mess for TLS libraries in free software soon,
> we'll all be required to have three TLS libraries installed and each

TLS is well defined by an RFC and (used) Internet protocols are know
for good interoperability.  The problematic part is X.509 and all the
different profiles - we can't do much about it except by supporting
the most promising profiles.

> for Unix users until you can manage your CA's, private keys etc across
> applications.  It's blasphemy here, but the integration of CAPI/CSP in
> Windows is just so nice, I wished we had something like that on Unix.

I won't promise anything, but eventually the GNU project will have
something like this.  GNUTLS is just a first step other stuff will
come for sure.  Actually I am preparing for a project which can be the
base for it.



Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus

More information about the Gnutls-devel mailing list