[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Using GnuTLS rather than OpenSSL

To: or-dev@xxxxxxxxxxxxx
Subject: Using GnuTLS rather than OpenSSL
From: Linus Nordberg <linus@xxxxxxxxxxx>
Date: Fri, 07 May 2010 12:06:16 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-dev-outgoing@xxxxxxxx
Delivered-to: or-dev@xxxxxxxx
Delivery-date: Fri, 07 May 2010 06:12:12 -0400
Reply-to: or-dev@xxxxxxxxxxxxx
Sender: owner-or-dev@xxxxxxxxxxxxx
User-agent: Gnus/5.13 (Gnus v5.13)

Hi,

In a discussion about memory consumption (buffers) with Roger and Jake,
the question of GnuTLS as an alternative to OpenSSL came up.

One of the things mentioned was the purported lack of support for
ephemeral Diffie-Hellman in GnuTLS.  Since we have its current
maintainer (and, I think, main developer) at arm's reach here I think we
should take the opportunity of meeting with him and discuss this before
Roger leaves Stockholm.

I don't know what Tor needs so I couldn't really judge whether existing
functionality would suffice: gnutls_certificate_set_dh_params(),
gnutls_dh_get_group(), gnutls_dh_get_peers_public_bits(),
gnutls_dh_get_prime_bits(), gnutls_dh_get_pubkey(),
gnutls_dh_get_secret_bits(), gnutls_dh_set_prime_bits()
(http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#Core-functions
).


There might be other issues of course, perhaps licensing or similar.

-- 
Linus

Follow-Ups:
- Re: Using GnuTLS rather than OpenSSL
  - From: Roger Dingledine

Prev by Author: Re: Database schema for metrics portal
Next by Author: Re: Tor hardening at compile time
Previous by thread: Re: The long anticipated move from Flyspray...
Next by thread: Re: Using GnuTLS rather than OpenSSL
Index(es):
- Author
- Thread