Re: Mandatory TLS == OpenSSL everywhere? !?!

Adrien de Croy wrote:

> Does this mean, that if we made TLS mandatory, that effectively we would
> be placing the security of the web in the hands of the OpenSSL
> contributors. I think it effectively does.

libcurl, a popular http library, can use 9 different TLS libraries.

They publish a nice comparison chart here:

I do suspect that most people who use libcurl for http support use 
whichever TLS library is available in their development environment by 
default, which will be OpenSSL or Secure Channel for the vast majority.


Received on Friday, 15 November 2013 01:04:34 UTC