On Fri, May 31, 2013 at 4:42 AM, brian m. carlson <sand...@crustytoothpaste.net> wrote:
> On Thu, May 30, 2013 at 04:04:47PM +0200, Bastien ROUCARIES wrote:
>> > Cons:
>> >
>> > - not all crypto libraries are equivalent; choosing one will exclude
>> >   some functionality provided by others
>>
>> SEE compat layer
>> > - we somehow have to deal with legacy systems that can't convert
>> > - adoption of new software that uses something else is harder
>
> NSS does not support TLS 1.2. Since RC4 is not used securely in TLS,
> and the only other choice in TLS 1.1 and earlier is block ciphers with
> CBC, this means that there are no secure choices. I know the lack of
> TLS 1.2 support has caused customers of $DAYJOB endless heartache with
> regard to PCI compliance.

Not true anymore: https://hg.mozilla.org/projects/nss/rev/5a9fa031aca5
Please open a Debian bug.

>
> NSS supports fewer algorithms than either OpenSSL or GnuTLS.

Please file a bug:
GnuTLS is really crappy about suid, see
http://lists.debian.org/debian-devel/2010/03/msg00298.html
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543941

And OpenSSL has a problem with its license...

> --
> brian m. carlson / brian with sandals: Houston, Texas, US
> +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
> OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187