Opened 9 years ago
#770 new enhancement
Enable PolarSSL or Botan as a compile-time alternative to OpenSSL
Reported by: | launchpad.net/~posita | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.9.x |
Keywords: | ssl security | Cc: | |
uname -a: | | | |
nginx -V: | n/a | | |
Description
Timing attacks have plagued OpenSSL for over a decade. Having more than one choice for a TLS library is likely a good thing.
To my knowledge, no one has attempted to integrate nginx with Botan (http://botan.randombit.net/); however, several forks of nginx have enabled mbed TLS (formerly PolarSSL; https://tls.mbed.org/) support:
- https://github.com/Yawning/nginx-polarssl
- https://github.com/alinefr/nginx-polarssl (fork of Yawning's effort)
There are, of course, other options (https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations), but Botan and mbed TLS both show promise. As of this writing, they are the only two libraries to support Curve25519 (which is kind of embarrassing for the rest of the world, but I digress...).