[ldns-users] DNSSEC && OpenSSL
Thomas Winget
tewinget at gmail.com
Wed Aug 27 18:06:54 UTC 2014
Well damn, I didn't necessarily expect a reply overnight, let alone 3.
Neat!
Tony, thanks for the info on libcrypto vs libssl, we'll keep that in mind!
At some point we're going to want SSL support in our project for other
things though, and it looks like we might go with NSS, so if we do and do
end up modifying ldns to use it (optionally) we'll definitely PR it.
Until then, take care all and thanks again!
On Wed, Aug 27, 2014 at 7:04 AM, Tony Finch <dot at dotat.at> wrote:
> Thomas Winget <tewinget at gmail.com> wrote:
> >
> > I'm considering using ldns (or OpenDNSSEC) in a C++ project, but due to
> > recent events with OpenSSL there's a certain apprehension in the project
> > toward using something that depends on it. Are there any plans to move
> > toward something like Mozilla's NSS, or perhaps offer it as an option?
>
> Note that most of the recent problems in OpenSSL have been in its TLS and
> DTLS protocol handling. Its underlying crypto primitives are much less
> problematic. DNSSEC software generally doesn't use TLS or DTLS (it links
> with libcrypto but not libssl) so depending on OpenSSL is not too
> worrying.
>
> But don't let that discourage you from adding support for other crypto
> libraries if you want to :-)
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
> Trafalgar: Cyclonic in northwest, otherwise mainly northerly or
> northwesterly
> 5 or 6. Slight or moderate. Showers in northwest. Good.
>
--
Thomas Winget
Computer Engineering
Purdue University '12
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20140827/000b8832/attachment.htm>
More information about the ldns-users
mailing list