Daniel Stenberg <[EMAIL PROTECTED]> writes: > On Thu, 3 May 2007, Simon Josefsson wrote: > >> I've created some tables with a comparison between common TLS >> implementations. I'm running short of ideas on things to compare. >> Any ideas or suggestions? The URL is: >> >> http://www.gnu.org/software/gnutls/comparison.html >> >> What do you think? > > I love it! The fact that libcurl supports all three of these also > makes it a great comparison table for me to point out to libcurl > users.
Nice. Btw, I intend to send the link to the OpenSSL/NSS communities, so they can correct any errors and suggest other things to compare too. > A few ideas: > > - Make the Yes/No boxes use different colors (perhaps green/red) to make it > easier to detect the differences when browsing casually. Done. > - The multi-threaded situation. With NSS they say no mutex callbacks are > necessary, with GnuTLS you need to set them in an _underlying_ crypto > library while in OpenSSL you use the OpenSSL API to set them. > > - The random seed situation. I don't know about the NSS in this aspect, but > again with GnuTLS you need to set them in an _underlying_ crypto library > while in OpenSSL you use the OpenSSL API. Added, under a new "Portability concerns" table. It got a bit verbose, comments welcome. > These two latter points are stuff I've planned to discuss with you to > fix in a future GnuTLS but I've not yet had the time. Fixing them would indeed be useful. I'm not happy with how libgcrypt creates additional thread-safety concerns for GnuTLS applications, but fixing it is non-trivial and nobody has offered to work on it or sponsor such work. I expect the random seed API problem will be resolved soon, I noticed some patches went into libgcrypt for this recently. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
