cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL libs compared page

From: David Woodhouse <dwmw2_at_infradead.org>
Date: Tue, 15 Feb 2011 08:10:22 +0000

On Thu, 2011-02-03 at 23:21 +0100, Daniel Stenberg wrote:
> I've started a web page with a few different things to compare between SSL
> libraries and I'd really appreciate your feedback:
>
> http://curl.haxx.se/docs/ssl-compared.html

My top two criteria when picking an SSL library for the OpenConnect VPN
client:

- DTLS support.
- Support for using client certificates from a TPM.

OpenSSL provides both of those; I don't believe GnuTLS and NSS do.

There *is* allegedly some way of getting a TPM to work in them, if you
use the whole of the OpenCryptoki framework as a PKCS#11 plugin, and
then a TPM module for OpenCryptoki. I never managed to get that to work.

FWIW I ended up writing my own HTTP client support for that project,
because none of the existing libraries would let me use TPM-based client
certificates with the underlying SSL connection.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse_at_intel.com                              Intel Corporation
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-02-15

This message: [ Message body ]
Next message: Dima Tisnek: "ares_reinit patch"
Previous message: Daniel Stenberg: "bugs with GnuTLS (was Re: SSL libs compared page)"
In reply to: Daniel Stenberg: "SSL libs compared page"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]