Opened 9 years ago

#770 new enhancement

Enable PolarSSL or Botan as a compile-time alternative to OpenSSL

Reported by: launchpad.net/~posita
Owned by:
Priority: minor
Milestone:
Component: nginx-core
Version: 1.9.x
Keywords: ssl security
Cc:
uname -a:
nginx -V: n/a

Description

Timing attacks have plagued OpenSSL for over a decade. Having more than one choice for a TLS library is likely a good thing.

To my knowledge, no one has attempted to integrate nginx with Botan (http://botan.randombit.net/); however, several forks of nginx have enabled mbed TLS (formerly PolarSSL; https://tls.mbed.org/) support:

There are, of course, other options (https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations), but Botan and mbed TLS both show promise. As of this writing, they are the only two libraries to support Curve25519 (which is kind of embarrassing for the rest of the world, but I digress...).
