curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL backend: gnutls or openssl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 7 May 2018 16:06:54 +0200 (CEST)

On Mon, 7 May 2018, Viacheslav Salnikov wrote:

> I have a question regarding SSL backend for CURL. For me, there are two
> choices: gnutls or openssl. I saw a table with comparison for those
> libraries, of course.

We have our own table for some of that info here:

   https://curl.haxx.se/docs/ssl-compared.html

> But my questions are about curl work. Does it matter what SSL backend is
> used? Can backend change break cURL workflow (for some reason)?

For the few places where it matters, that should be documented. There are a
few options that will work (differently) depending on the backend, but they
also typically work a little differently depending on how that particular TLS
library was built as well. Like none of them enable SSLv2 or SSLv3 these days
and they start to switch off TLS v1.0 also unless built specifically.

These are the two big differences I can think of:

- CURLOPT_SSL_CTX_FUNCTION works totally different depending on the specific
   TLS backend in use. See
   https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html

- The need for multi-threaded mutex callbacks (or not). See
   https://curl.haxx.se/libcurl/c/threadsafe.html for details

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2018-05-07