
Using GnuTLS rather than OpenSSL



Hi,

In a discussion about memory consumption (buffers) with Roger and Jake,
the question of GnuTLS as an alternative to OpenSSL came up.

One of the things mentioned was the purported lack of support for
ephemeral Diffie-Hellman in GnuTLS.  Since we have its current
maintainer (and, I think, main developer) within arm's reach here, I think we
should take the opportunity of meeting with him and discussing this before
Roger leaves Stockholm.

I don't know what Tor needs so I couldn't really judge whether existing
functionality would suffice: gnutls_certificate_set_dh_params(),
gnutls_dh_get_group(), gnutls_dh_get_peers_public_bits(),
gnutls_dh_get_prime_bits(), gnutls_dh_get_pubkey(),
gnutls_dh_get_secret_bits(), gnutls_dh_set_prime_bits()
(http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#Core-functions).


There might be other issues of course, perhaps licensing or similar.

-- 
Linus