[ldns-users] DNSSEC && OpenSSL
Tony Finch
dot at dotat.at
Wed Aug 27 11:04:47 UTC 2014
Thomas Winget <tewinget at gmail.com> wrote:
>
> I'm considering using ldns (or OpenDNSSEC) in a C++ project, but due to
> recent events with OpenSSL there's a certain apprehension in the project
> toward using something that depends on it. Are there any plans to move
> toward something like Mozilla's NSS, or perhaps offer it as an option?
Note that most of the recent problems in OpenSSL have been in its TLS and
DTLS protocol handling. Its underlying crypto primitives are much less
problematic. DNSSEC software generally doesn't use TLS or DTLS (it links
with libcrypto but not libssl) so depending on OpenSSL is not too
worrying.
But don't let that discourage you from adding support for other crypto
libraries if you want to :-)
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Trafalgar: Cyclonic in northwest, otherwise mainly northerly or northwesterly
5 or 6. Slight or moderate. Showers in northwest. Good.
More information about the ldns-users
mailing list