Project

General

Profile

Actions

Feature #1218

closed

alternate ssl backend

Added by Anonymous over 17 years ago. Updated over 4 years ago.

Status:
Fixed
Priority:
Low
Category:
TLS
Target version:
ASK QUESTIONS IN Forums:
No

Description

would be nice if lighttpd https support could be implemented with NSS alongside OpenSSL. similar project for apache here; http://directory.fedoraproject.org/wiki/Mod_nss

some new processors / crypto cards only have support for accelerating ssl through nss.

-- kieran

Actions #1

Updated by gstrauss over 8 years ago

  • Description updated (diff)
  • Category changed from mod_ssi to TLS
  • Assignee deleted (jan)
  • Target version deleted (1.5.0)
Actions #2

Updated by gstrauss about 6 years ago

Related: in addition to OpenSSL, lighttpd can be built against the openssl-compatibility layers provided by LibreSSL, BoringSSL, and wolfSSL.

Actions #3

Updated by gstrauss over 4 years ago

  • Status changed from New to Need Feedback

would be nice if lighttpd https support could be implemented with NSS alongside OpenSSL.
some new processors / crypto cards only have support for accelerating ssl through nss.

==> Is that still the case? Is there still interest in lighttpd supporting the Mozilla NSS crypto libraries?

If there is, please help document specific reasons why Mozilla NSS crypto libraries are the right or best choice.
There are numerous TLS implementations (https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations) and it takes quite a bit of effort to add lighttpd support.

Current links:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
https://nss-crypto.org/
https://pagure.io/mod_nss (Apache module)

.

Related: in addition to OpenSSL, lighttpd can be built against the openssl-compatibility layers provided by LibreSSL, BoringSSL, and wolfSSL.

Also, experimental support for mbedTLS is on my lighttpd development branch https://git.lighttpd.net/lighttpd/lighttpd1.4.git/?h=personal%2Fgstrauss%2Fmaster

Actions #4

Updated by gstrauss over 4 years ago

  • Status changed from Need Feedback to Patch Pending
  • Target version set to 1.4.56
  • ASK QUESTIONS IN Forums set to No

EXPERIMENTAL and INCOMPLETE mod_nss will be committed to the lighttpd master branch soon.

Overall, the NSS library is severely lacking in library documentation, as in non-existent besides brief doc for some tools built to use NSS.

My opinion: NSS is extremely unfriendly to develop against, moreso for server usage. NSS seems to have gotten more attention as a client library.

Actions #5

Updated by gstrauss over 4 years ago

  • Status changed from Patch Pending to Fixed
Actions

Also available in: Atom