Demi Marie Obenour

Results 1159 comments of Demi Marie Obenour

Any sort of event loop that OpenSSL tried to support would need to cover a huge variety of platforms. Linux epoll and io_uring, Windows IOCP and IoRing, and \*BSD kqueue...

> > does not own any buffers > > I'd like to understand what motivates this statement. Possibly this is related to wanting to use features such as "sendmmsg" or...

I honestly recommend that OpenSSL use an external library for QUIC support. Cloudflare’s quiche is my preferred choice, as it is written in Rust and thus (hopefully) memory-safe.

Another advantage of this approach is that a FIPS 140-2 certified implementation could be used where needed. I don’t have such a need, but others do.

> What is your issue with _ring_'s approach to backwards compatibility? Updates to _ring_ require time before they can propagate through the ecosystem; during this time, people are running an...

> As a community we should aim for getting rustls + webpki + ring certified. FIPS 140-2 certification is very expensive (tens of thousands of USD, IIRC) and very time-consuming...

@briansmith I do not. I merely brought it up because I know some people do, and as a reason someone might want to use an alternate crypto backend.

> @DemiMarie Do you yourself need FIPS support? If not, why don't we drop that topic and wait for somebody who actually needs it to ask for it. Red Hat...

> Ran into so many problems with building `ring` (cross-compiling, linking, etc). This is one of the reasons why we dropped `rustls` in favor of `openssl`. Seems like `crypto` should...

> People who need that might be better served by using rust-native-tls. I consider rustls to be a better TLS implementation than OpenSSL. The majority of OpenSSL’s security holes have...