-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Investigate using OpenSSL (again) #104
Comments
Mozilla’s NSS is another alternative, BTW. |
@DemiMarie Perhaps, however if the point is to minimize the number of TLS libraries needed for a minimal install, using OpenSSL is a no-brainer... |
Amazon’s s2n would actually be the one I prefer for server-side use, BTW. |
@DemiMarie Hadn't heard of s2n, but looking at it I see a few issues:
|
The reason I suggested s2n is that it has less attack surface in the TLS layer. OpenSSL’s crypto code has a good track record.
Git master does at least. Not sure if that has made it into a release. |
Are there any reasons why currently used gnutls is worse than OpenSSL? |
As a distro package maintainer, I would ask to avoid using libraries with potentially unstable API and ABI, it will be a pain to maintain (do not know how stable s2n is, but usually such libraries do not maintain backwards compatibility properly and may even forget to bump sonmae when breaking ABI). |
Why do you state this? |
would be nice, I would very much like to include CUPS in the |
This is now implemented (PR #362) for CUPS 2.4.2! |
So is this specifically now OpenSSL1 and not OpenSSL3? |
@nanonyme You can use OpenSSL 1.x or 3.x. |
By popular request, will reconsider removal of OpenSSL in CUPS 1.x for CUPS 3.0.
The text was updated successfully, but these errors were encountered: