On 2016-02-25 18:05, Pieter Lexis wrote:
<snip>
So first off, we don't use the TLS stacks from any of the crypto
libraries, just the hash and cryptographic primitives to sign for
DNSSEC, so we're most likely hardly affected by OpenSSL TLS issues.
The main reason we switched to OpenSSL is that in our testing, we
noticed that signature generation was an order of magnitude faster
with OpenSSL compared to mbedTLS and Crypto++ due to the ASM
optimizations of OpenSSL. I tested builing against LibreSSL 2.3, which
works :), so you can always do that.
Thanks Pieter, that's the missing info. :)
+ Justin
_______________________________________________
Pdns-dev mailing list
Pdns-dev@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-dev
