[Openvas-devel] Start: replacing OpenSSL by GNU/TLS

Daniel Cabezas danielcabezas at hotmail.com
Mon Mar 26 16:26:42 CEST 2007


Hi all,

Don´t want to talk much about an issue which I don´t know well, but why 
aren´t other alternatives studied? I mean, like matrixssl. That stub of 
wrapper functions could make any underlying ssl engine work, and the binary 
deployment responsible would be able to choose which library to link openvas 
against.

IMHO

>From: Tim Brown
>To: openvas-devel
>Subject: Re: [Openvas-devel] Start: replacing OpenSSL by GNU/TLS
>Date: Mon, 26 Mar 2007 15:19:17 +0100
>
>On Monday 26 March 2007 15:09, Jan-Oliver Wagner wrote:
>
> > I am pretty sure the OpenSSL guys do not want this. There is an
> > explicit mentioning of incompatibiliy with GPL. Many other products
> > have had the same problem discussed.
>
>Quite.  They have chosen the licence for their own reasons and I doubt this 
>is
>something that they will change for us.
>
> > > Assuming they will not do this then I agree would make sense to 
>replace
> > > OpenSSL.
> >
> > I fear so, but I see it also as a chance to review the code for secure
> > connections carefully.
> >
> > > Does the lack of FIPS certification cause any problems?
> >
> > I leave this question to the US guys. AFAIKT, this does not concern
> > europe.
>
>Aye, nothing in UK law that requires use of OpenSSL ATM.
>
>One more possible solution would be write our own stub code (of some
>description - separate library?) which would support both OpenSSL and
>GNU/TLS.  Depending on how this was implemented this might be a suitable
>solution - since the stub code would be written by us and could be given an
>exception?  Need to do more reading to confirm if this would be a suitable
>hack.
>
>Tim
>--
>Tim Brown

_________________________________________________________________
Horóscopo, tarot, numerología... Escucha lo que te dicen los astros. 
http://astrocentro.msn.es/




More information about the Openvas-devel mailing list