cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Proposed changes to SSL comparison documentation

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Sat, 4 May 2013 22:58:17 -0600

On May 4, 2013, at 4:56 PM, Steve Holme <steve_holme_at_hotmail.com> wrote:

> Generally speaking, I like what you've done here Nick... The comparison is a
> lot more informative and information more useful. However I have a few
> comments:
>
> * Would it be better to state *nix rather than Unix in the platform list?

What about "POSIX"? That is a group that would include GNU, BSD, and Unix.

> * Do we need to include both Windows CE and NT in the platform list - Does
> libcurl still compile on CE? Probable answer is yes but I just wanted to
> raise the question.

I think so, but I haven't tried building it myself� The code in curl_schannel.c suggests it will build.

> * I'm not sure about the version number for Secure Channel being "Windows
> 7". In some respects I would rather see v6.1.7601 as that is the version
> number for Windows 7 SP1 and covers both Windows 7 and Windows Server 2008
> R2 but then maybe it should be v6.2.9200 for Windows 8 and Windows Server
> 2012 being the latest version of the OS.

Good point.

> * Rather than stating "Not present in older versions of OpenSSL" do you know
> the required version of OpenSSL for TLS SRP?

SRP was added in 1.0.1. But a lot of computers are still running older versions of OpenSSL for various reasons; Apple, for example, ships Mountain Lion with 0.9.8 and I doubt they will upgrade it in the next cat. So I'd rather not keep peoples' hopes up.

> * You're missing a full stop at the end of the QSOSSL details line -
> "OS/400" should be "OS/400." for consistency ;-)

I didn't write that, nor did I write about NSS. Maybe that section can be chopped out and replaced with a "most famous application other than curl" section. :) Especially since "OS/400" is called "IBM i" these days according to Wikipedia.

Here's an updated version.

Nick Zitzmann
<http://www.chronosnet.com/>

cURL - SSL libraries compared

cURL

Docs

SSL libraries compared

Compare SSL libraries

This comparison only involves SSL/TLS libraries that libcurl can be built to use.

Feature	OpenSSL	GnuTLS	NSS	CyaSSL	QSOSSL	PolarSSL	axTLS	Secure Channel	Secure Transport
TLS SRP	yes*	yes	no	no	no	no	no	no	no
TLS ECC	yes	no	yes	no	?	?	no	yes***	yes**
Native CN check	no	yes	yes	yes	yes	yes	yes	yes	yes
CRL	manual	manual	automatic	?	no	manual	no	automatic	automatic
SSLv2	yes	no	yes	no	no	no	no	yes	yes
SSLv3	yes	yes	yes	yes	yes	yes	no	yes	yes
TLSv1.0	yes	yes	yes	yes	yes	yes	yes	yes	yes
TLSv1.1	yes*	yes	yes	yes	?	yes	yes	yes	yes**
TLSv1.2	yes*	yes	no	yes	?	?	no	yes****	yes**
Small	no	no	no	yes	N/A	yes	yes	N/A	N/A
Platforms	POSIX, Windows, VMS	POSIX, Windows	POSIX, Windows	POSIX, Windows	IBM i	POSIX, Windows	POSIX, Windows	Windows (CE and NT)	Darwin (inc. iOS and Mac OS X)
Uses Certificate/Key Files	yes	yes	yes	yes	?	yes	yes	no	no
Uses Certificate/Key Database	no	no	yes	no	?	no	no	yes	yes
FIPS-140	yes	no	yes	no	no	no	no	yes	yes
OpenSSL-like API	N/A	limited	separate	no	limited	no	limited	no	digests only
Vendor	OpenSSL Project	Free Software Foundation	Mozilla Foundation	wolfSSL	IBM Corporation	Offspark B.V.	Cameron Rich	Microsoft Corporation	Apple Inc.
License	4-clause BSD	LGPL	MPL/LGPL/GPL	GPLv2 / prop	?	GPLv2 / prop	BSD	Proprietary	APSL 2.0
First release	1998	2004?	?	2006	?	2006	2006	2000	2003?
Version	1.0.1c	2.10.4	3.12.4	1.9.0	?	0.14.0	1.4.5	6.2.9200	55179
Most Famous Application	Apache HTTPD	GNOME	Mozilla Firefox	MySQL	IBM HTTPD	Hiawatha HTTPD	?	Microsoft Internet Explorer	Apple Safari

* Not present in older versions of OpenSSL
** Requires iOS 5.0 or later, or OS X 10.8.0 or later
*** Requires Windows Vista or later
**** Requires Windows 7 or later

curl-library

Re: Proposed changes to SSL comparison documentation

Compare SSL libraries

More reading