Using GnuTLS rather than OpenSSL

Linus Nordberg linus at
Fri May 7 10:06:16 UTC 2010


In a discussion about memory consumption (buffers) with Roger and Jake,
the question of GnuTLS as an alternative to OpenSSL came up.

One of the things mentioned was the purported lack of support for
ephemeral Diffie-Hellman in GnuTLS.  Since we have its current
maintainer (and, I think, main developer) at arm's reach here, I think we
should take the opportunity to meet with him and discuss this before
Roger leaves Stockholm.

I don't know what Tor needs, so I couldn't really judge whether existing
functionality would suffice: gnutls_certificate_set_dh_params(),
gnutls_dh_get_group(), gnutls_dh_get_peers_public_bits(),
gnutls_dh_get_prime_bits(), gnutls_dh_get_pubkey(),
gnutls_dh_get_secret_bits(), gnutls_dh_set_prime_bits()

There might be other issues of course, perhaps licensing or similar.


More information about the tor-dev mailing list