Feature #1218
closedalternate ssl backend
Description
would be nice if lighttpd https support could be implemented with NSS alongside OpenSSL. similar project for apache here; http://directory.fedoraproject.org/wiki/Mod_nss
some new processors / crypto cards only have support for accelerating ssl through nss.
-- kieran
Updated by gstrauss over 8 years ago
- Description updated (diff)
- Category changed from mod_ssi to TLS
- Assignee deleted (
jan) - Target version deleted (
1.5.0)
updated link: https://fedorahosted.org/mod_nss/
Updated by gstrauss about 6 years ago
Related: in addition to OpenSSL, lighttpd can be built against the openssl-compatibility layers provided by LibreSSL, BoringSSL, and wolfSSL.
Updated by gstrauss almost 5 years ago
- Status changed from New to Need Feedback
would be nice if lighttpd https support could be implemented with NSS alongside OpenSSL.
some new processors / crypto cards only have support for accelerating ssl through nss.
==> Is that still the case? Is there still interest in lighttpd supporting the Mozilla NSS crypto libraries?
If there is, please help document specific reasons why Mozilla NSS crypto libraries are the right or best choice.
There are numerous TLS implementations (https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations) and it takes quite a bit of effort to add lighttpd support.
Current links:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
https://nss-crypto.org/
https://pagure.io/mod_nss (Apache module)
.
Related: in addition to OpenSSL, lighttpd can be built against the openssl-compatibility layers provided by LibreSSL, BoringSSL, and wolfSSL.
Also, experimental support for mbedTLS is on my lighttpd development branch https://git.lighttpd.net/lighttpd/lighttpd1.4.git/?h=personal%2Fgstrauss%2Fmaster
Updated by gstrauss over 4 years ago
- Status changed from Need Feedback to Patch Pending
- Target version set to 1.4.56
- ASK QUESTIONS IN Forums set to No
EXPERIMENTAL and INCOMPLETE mod_nss will be committed to the lighttpd master branch soon.
Overall, the NSS library is severely lacking in library documentation, as in non-existent besides brief doc for some tools built to use NSS.
My opinion: NSS is extremely unfriendly to develop against, moreso for server usage. NSS seems to have gotten more attention as a client library.
Updated by gstrauss over 4 years ago
- Status changed from Patch Pending to Fixed
Applied in changeset e00deb5578d586ff3b535f96ca684f233c0e7681.
Also available in: Atom