[gnutls-dev] GnuTLS vs OpenSSL vs NSS

Simon Josefsson simon at josefsson.org
Sun May 27 00:09:00 CEST 2007

rrelyea at redhat.com writes:

> Simon Josefsson-2 wrote:
>> Hi!
>> I've created some tables with a comparison between common TLS
>> implementations.  I'm running short of ideas on things to compare.  Any
>> ideas or suggestions?  The URL is:
>> http://www.gnu.org/software/gnutls/comparison.html
>> What do you think?
>> Also, if you notice any mistakes, or know for sure the status on some I
>> put down as 'No?', please let me know and I'll fix it.
> Hi simon,
> I have a few updates for you:

Hi!  Many thanks.  I have intended to send links to the OpenSSL/NSS
teams, but I haven't felt finished enough with the page to do so yet.  I
am happy to incorporate your suggestions now.

> Under portability concerns, NSS should read:
> NSS Platform requirements - NSPR* Network requirements - NSPR* thread
> safety- NSPR* (uses native platform threads when available, provides
> thread implementation if f necessary) Random Seed - set through native
> OS API, extra entropy grab from installed PKCS #11 modules,
> application can also add entropy on the fly

Added most of it, but I don't understand the last part -- how is the
random seed set through a 'native OS API'?  Does this refer to some NSPR
API?  Or what OS APIs do you mean?  I'm not aware of any standard APIs
for setting random seeds.

> *NSPR(and NSS) has(have) been ported to the following platforms (that
> I know about): AIX, BSD, BeOS, HP-UX, IRIX, Linux, Mac OS X, Mac OS 9,
> OS/2, Solaris, OpenVMS, Amiga DE, Windows, WinCE, Sony playstation.
> Under Developement:
> remove PR_ * from namespace in the NSS page. PR_ is part of the NSPR
> namespace...  crypto library... change NSS from included, monolithic
> to included, PKCS #11 based*
> *On the fly replaceable/augmentable.


> It would be good to add a column on certificate management/storage and
> PKCS #11/token support.
> There's also a missing table to include things like OCSP and CRL
> processing support.

Good ideas, I've added this on the todo list at the bottom of the page.

> Finally, Under Protocol support, the NSS column for SSL2 should say (yes, off by default)



> Thanks
> bob
>> /Simon
>> _______________________________________________
>> Help-gnutls mailing list
>> Help-gnutls at gnu.org
>> http://lists.gnu.org/mailman/listinfo/help-gnutls
> Quoted from: 
> http://www.nabble.com/GnuTLS-vs-OpenSSL-vs-NSS-tf3685816.html#a10302694

More information about the Gnutls-devel mailing list