On Thu, 2011-02-03 at 23:21 +0100, Daniel Stenberg wrote:
> I've started a web page with a few different things to compare between SSL
> libraries and I'd really appreciate your feedback:
>
> http://curl.haxx.se/docs/ssl-compared.html

My top two criteria when picking an SSL library for the OpenConnect VPN client:

 - DTLS support.
 - Support for using client certificates from a TPM.

OpenSSL provides both of those; I don't believe GnuTLS and NSS do. There *is* allegedly some way of getting a TPM to work in them, if you use the whole of the OpenCryptoki framework as a PKCS#11 plugin, and then a TPM module for OpenCryptoki. I never managed to get that to work.

FWIW I ended up writing my own HTTP client support for that project, because none of the existing libraries would let me use TPM-based client certificates with the underlying SSL connection.

-- 
David Woodhouse
Open Source Technology Centre
[email protected]
Intel Corporation
