Re: SSL libs compared page

From: David Woodhouse
Date: Tue, 15 Feb 2011 08:10:22 +0000

On Thu, 2011-02-03 at 23:21 +0100, Daniel Stenberg wrote:
> I've started a web page with a few different things to compare between SSL
> libraries and I'd really appreciate your feedback:

My top two criteria when picking an SSL library for the OpenConnect VPN

 - DTLS support.
 - Support for using client certificates from a TPM.

OpenSSL provides both of those; I don't believe GnuTLS and NSS do.

There *is* allegedly some way of getting a TPM to work in them, if you
use the whole of the OpenCryptoki framework as a PKCS#11 plugin, and
then a TPM module for OpenCryptoki. I never managed to get that to work.

FWIW I ended up writing my own HTTP client support for that project,
because none of the existing libraries would let me use TPM-based client
certificates with the underlying SSL connection.

David Woodhouse
Open Source Technology Centre
Intel Corporation
Received on 2011-02-15