Opened 5 years ago
Enable PolarSSL or Botan as a compile-time alternative to OpenSSL
| Reported by: | launchpad.net/~posita | Owned by: | |
Timing attacks have plagued OpenSSL for over a decade. Having more than one choice for a TLS library is likely a good thing.
To my knowledge, no one has attempted to integrate nginx with Botan (http://botan.randombit.net/); however, several forks of nginx have enabled mbed TLS (formerly PolarSSL; https://tls.mbed.org/) support:
- https://github.com/alinefr/nginx-polarssl (fork of Yawning's effort)
There are, of course, other options (https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations), but Botan and mbed TLS both show promise. As of this writing, they are the only two libraries to support Curve25519 (which is kind of embarrassing for the rest of the world, but I digress...).