curl-library

Re: SSL libs compared page

From: David Woodhouse <dwmw2_at_infradead.org>
Date: Tue, 15 Feb 2011 08:10:22 +0000

On Thu, 2011-02-03 at 23:21 +0100, Daniel Stenberg wrote:
> I've started a web page with a few different things to compare between SSL
> libraries and I'd really appreciate your feedback:
>
> http://curl.haxx.se/docs/ssl-compared.html

My top two criteria when picking an SSL library for the OpenConnect VPN
client:

 - DTLS support.
 - Support for using client certificates from a TPM.

OpenSSL provides both of those; I don't believe GnuTLS and NSS do.

There *is* allegedly some way of getting a TPM to work in them, if you
use the whole of the OpenCryptoki framework as a PKCS#11 plugin, and
then a TPM module for OpenCryptoki. I never managed to get that to work.

FWIW I ended up writing my own HTTP client support for that project,
because none of the existing libraries would let me use TPM-based client
certificates with the underlying SSL connection.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse_at_intel.com                              Intel Corporation
Received on 2011-02-15