Using GnuTLS rather than OpenSSL

Linus Nordberg linus at nordberg.se
Fri May 7 10:06:16 UTC 2010


Hi,

In a discussion about memory consumption (buffers) with Roger and Jake,
the question of GnuTLS as an alternative to OpenSSL came up.

One of the things mentioned was the purported lack of support for
ephemeral Diffie-Hellman in GnuTLS.  Since we have its current
maintainer (and, I think, main developer) at arm's reach here I think we
should take the opportunity of meeting with him and discuss this before
Roger leaves Stockholm.

I don't know what Tor needs so I couldn't really judge whether existing
functionality would suffice: gnutls_certificate_set_dh_params(),
gnutls_dh_get_group(), gnutls_dh_get_peers_public_bits(),
gnutls_dh_get_prime_bits(), gnutls_dh_get_pubkey(),
gnutls_dh_get_secret_bits(), gnutls_dh_set_prime_bits()
(http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#Core-functions).


There might be other issues of course, perhaps licensing or similar.

-- 
Linus
