Adam Majer writes: > The configure script seems to prefer Botan over OpenSSL. I'm uncertain > if this is intentional or arbitrary.
=> it is intentional. > Is there any benefit of using Botan over OpenSSL with Kea, aside of > reduced dependency list? Is one crypto backend better tested? => at the beginning the only supported crypto backend was Botan which does the job and has a number of advantages, for instance it is written in C++. But for some reasons, mainly not technical, some customers asked for an alternative crypto backend. So I chose OpenSSL because it was available everywhere and SoftHSMv2 was a good example of a tool using Botan and OpenSSL backends. So the idea was and still is to provide flexibility in the crypto backend choice. Note we use only hash and hmac low level functions so Kea was, is and likely will never be affected by security bugs which can be found in Botan and/or OpenSSL. Regards Francis Dupont <[email protected]> PS: there is a pending fix for the cryptolink library code which requires an OpenSSL version > 9.8. BTW versions <= 9.8 were phased out at the end of 2015 so anyway should be no longer used. _______________________________________________ Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
