On Mon, 7 May 2018, Viacheslav Salnikov wrote:
I have a question regarding SSL backend for CURL. For me, there are two choices: gnutls or openssl. I saw a table with comparison for those libraries, of course.
We have our own table for some of that info here: https://curl.haxx.se/docs/ssl-compared.html
But my questions are about curl work. Does it matter what SSL backend is used? Can backend change break cURL workflow (for some reason)?
For the few places where it matters, that should be documented. There are a few options that will work (differently) depending on the backend, but they also typically work a little differently depending on how that particular TLS library was built as well. Like none of them enable SSLv2 or SSLv3 these days and they start to switch off TLS v1.0 also unless built specifically.
These are the two big differences I can think of: - CURLOPT_SSL_CTX_FUNCTION works totally different depending on the specific TLS backend in use. See https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html - The need for multi-threaded mutex callbacks (or not). See https://curl.haxx.se/libcurl/c/threadsafe.html for details -- / daniel.haxx.se ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.haxx.se/mail/etiquette.html
