- From: Geoff Beier <geoff@redhoundsoftware.com>
- Date: Thu, 14 Nov 2013 20:04:09 -0500
- To: Adrien de Croy <adrien@qbik.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Adrien de Croy wrote: > Does this mean, that if we made TLS mandatory, that effectively we would > be placing the security of the web in the hands of the OpenSSL > contributors. I think it effectively does. libcurl, a popular http library, can use 9 different TLS libraries. They publish a nice comparison chart here: http://curl.haxx.se/docs/ssl-compared.html I do suspect that most people who use libcurl for http support use whichever TLS library is available in their development environment by default, which will be OpenSSL or Secure Channel for the vast majority. Geoff
Received on Friday, 15 November 2013 01:04:34 UTC