On Tuesday 21 October 2014 23:09:58 Julien Pierre wrote: > Julien, > > On 10/21/2014 18:02, Julien Vehent wrote: > > NSS is very rarely used in servers. > > Perhaps so statistically, but the products are still around. I notice > that Oracle/iPlanet/RedHat products are absent from the document. > Oracle still ships at the very least iPlanet Web Server, iPlanet Proxy > Server, Oracle Traffic Director, which use NSS currently (I should know > since I work on these). > Some of these have been around for about 18 years in various > incarnations, so we must be doing at least something right. > There are several more as well - Messaging and Directory, which are > still be maintained elsewhere within Oracle. > Red Hat used to ship some servers with mod_nss , though I don't know how > widely it is used. Same with RedHat CMS. > I am sure others from RH can chime in.
yes, RedHat does ship few products that by default use mod_nss. The dominance of OpenSSL on server side still stands, as such we should first make sure that the guide is applicable to OpenSSL and then translate it to nss based servers. As far as I know the OpenSSL feature set is a strict super set of NSS feature set (at least crypto-wise), so translation from OpenSSL to NSS is possible, not so much other way round. It's the same thing with old (0.9.8) vs new openssl... Remember that we list what is safe in general, now what needs to be disabled in OpenSSL to make it safe. So, any comments to the proposed changes in opening mail? -- Regards, Hubert Kario -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
