On Thu, May 30, 2013 at 04:04:47PM +0200, Bastien ROUCARIES wrote:
> > Cons:
> >
> > - not all crypto libraries are equivalent; choosing one will exclude
> > some functionality provided by others
> 
> SEE compat layer
> > - we somehow have to deal with legacy systems that can't convert
> > - adoption of new software that uses something else is harder

NSS does not support TLS 1.2.  Since RC4 is not used securely in TLS,
and the only other choice in TLS 1.1 and earlier is block ciphers with
CBC, this means that there are no secure choices.  I know the lack of
TLS 1.2 support has caused customers of $DAYJOB endless heartache with
regard to PCI compliance.

NSS supports fewer algorithms than either OpenSSL or GnuTLS.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
