View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003222 | unreal | ircd | public | 2007-02-02 10:32 | 2016-03-27 11:38 |
| Reporter | djGrrr | Assigned To | syzop | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | no change required | ||
| Product Version | 3.4-alpha3 | ||||
| Summary | 0003222: Allow a choice between OpenSSL and GnuTLS | ||||
| Description | I was thinking, it might be nice to be able to use GnuTLS in the place of OpenSSL. Apparently GnuTLS can give much better performance over OpenSSL. A choice to use one or the other in ./Config would work nicely. Obviously this would not be a simple task, but I think it would be a nice addition. What does everyone else think ? good ? bad ? maybe ? | ||||
| 3rd party modules | |||||
|
|
actually, as using Insp and Unreal, i think its a good idea ;) |
|
|
Dunno, for those who like GnuTLS more this would be good, but this performance is maybe because it uses a weaker encryption orso? I couldn't even establish a AES 256bit connection, "only" some three-ciphered 168bit connection, though that was between an OpenSSL'd client and a GnuTLS'd server... maybe if both were GnuTLS..., but still should have worked (provided GnuTLS does even support AES...) |
|
|
GnuTLS is more secure than OpenSSL, since it doesn't support even support old insecure stuff like SSLv2 If you couldn't establish a 256bit AES connection with a GnuTLS server its because you did not do it right, as it most definetly supports it. http://www.gnu.org/software/gnutls/manual/html_node/All-the-supported-ciphersuites-in-GnuTLS.html |
|
|
Bump. New I/O probably. |
|
|
I agree, this would be nice. Unfortunately also a lot of work. Something to seriously consider implementing in 3.4.x. Other 3.4-alpha goals have higher priority, though. |
|
|
Seeing the considerable amount of work/testing/maintenance and little added benefit for end-users, I think such resources are better spent on other areas/improvements. I must also confess that I have been developing a profound hate regarding GnuTLS since various Debian packages started using it. The error messages are even worse than OpenSSL, very generic and don't help you a thing when something doesn't work. I'm talking from a users-perspective here, not even dev. Nowadays we also have the LibreSSL initiative which gives us an interesting alternative to OpenSSL with none or only minimal changes. I think we should go that way. |
|
|
I'm marking this feature request as closed, so there are no false expectations. Have also created 0004605 to see if our Windows build could use LibreSSL rather than OpenSSL. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2007-02-02 10:32 | djGrrr | New Issue | |
| 2007-02-02 20:38 | Bricker | Note Added: 0013166 | |
| 2007-02-14 18:51 | Robby22 | Note Added: 0013217 | |
| 2007-02-14 18:56 | djGrrr | Note Added: 0013218 | |
| 2007-04-19 04:48 |
|
Note Added: 0013600 | |
| 2007-04-19 04:48 |
|
Status | new => acknowledged |
| 2015-06-15 12:15 | syzop | Note Added: 0018391 | |
| 2015-06-15 12:15 | syzop | Assigned To | => syzop |
| 2015-06-15 12:15 | syzop | Status | acknowledged => confirmed |
| 2015-06-15 12:16 | syzop | Note Edited: 0018391 | |
| 2015-06-15 12:16 | syzop | Product Version | 3.3-alpha0 => 3.4-alpha3 |
| 2016-03-27 11:32 | syzop | Note Added: 0019150 | |
| 2016-03-27 11:38 | syzop | Note Added: 0019151 | |
| 2016-03-27 11:38 | syzop | Status | confirmed => closed |
| 2016-03-27 11:38 | syzop | Resolution | open => no change required |
