Using GnuTLS rather than OpenSSL
Linus Nordberg
linus at nordberg.se
Fri May 7 10:06:16 UTC 2010
Hi,
In a discussion about memory consumption (buffers) with Roger and Jake,
the question of GnuTLS as an alternative to OpenSSL came up.
One of the things mentioned was the purported lack of support for
ephemeral Diffie-Hellman in GnuTLS. Since we have its current
maintainer (and, I think, main developer) at arm's reach here I think we
should take the opportunity of meeting with him and discuss this before
Roger leaves Stockholm.
I don't know what Tor needs so I couldn't really judge whether existing
functionality would suffice: gnutls_certificate_set_dh_params(),
gnutls_dh_get_group(), gnutls_dh_get_peers_public_bits(),
gnutls_dh_get_prime_bits(), gnutls_dh_get_pubkey(),
gnutls_dh_get_secret_bits(), gnutls_dh_set_prime_bits()
(http://www.gnu.org/software/gnutls/manual/html_node/Core-functions.html#Core-functions).
There might be other issues of course, perhaps licensing or similar.
--
Linus