[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GnuTLS considered harmful

--On Thursday, February 21, 2008 12:06 AM -0800 Howard Chu <hyc@symas.com> wrote:

I expect that a port to Mozilla's NSS wouldn't be
too much more difficult, although of course Howard would be the person to
ask for an estimate.

I would think there are other developers here who are familiar with Mozilla NSS and can read the code in libldap/tls.c. It's certainly not high on my list at the moment since OpenSSL works for me. One thing that I find rather annoying about NSS is its use of a private certificate/keystore that requires additional tools to manipulate.

When Stanford was looking at an OpenSSL alternative, Mozilla's NSS was brought up then. There was a discussion on IRC's #ldap channel about it at that time, IIRC, and it was found deficient in a number of areas. Not that I recall what they all were. ;)



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration