[rsyslog] openssl vs rsyslog
seth vidal
skvidal at fedoraproject.org
Mon Mar 31 21:21:26 CEST 2008
On Mon, 2008-03-31 at 21:10 +0200, Rainer Gerhards wrote:
> Hi sv,
>
> > the library that a lot of folks inside red hat and fedora are driving
> > people to is the mozilla nss library. It handles all the bits openssl
> > does and w/o the licensing problems.
>
> Sounds promising. I just found
>
> http://www.gnu.org/software/gnutls/comparison.html
>
>
> And that makes GNU TLS quite appealing (no wonder given the source ;)).
> Do you happen to have a link which tells why use nss? That would be
> excellent (but I am of course searching myself).
>
nss is fips certified:
http://www.mozilla.org/projects/security/pki/nss/fips/
which makes it easier to use in large gov't agencies.
gnutls is not certified.
nss is also where the fedora/red hat crypto consolidation is going....
there is also an api-helper library for transitioning from openssl to
nss.
if at all possible, go with nss.
-sv
More information about the rsyslog
mailing list