Project

General

Profile

Feature #1218

alternate ssl backend

Added by Anonymous about 13 years ago. Updated 3 days ago.

Status:
Fixed
Priority:
Low
Category:
TLS
Target version:
ASK QUESTIONS IN Forums:
No

Description

would be nice if lighttpd https support could be implemented with NSS alongside OpenSSL. similar project for apache here; http://directory.fedoraproject.org/wiki/Mod_nss

some new processors / crypto cards only have support for accelerating ssl through nss.

-- kieran

#1

Updated by gstrauss about 4 years ago

  • Description updated (diff)
  • Category changed from mod_ssi to TLS
  • Assignee deleted (jan)
  • Target version deleted (1.5.0)
#2

Updated by gstrauss almost 2 years ago

Related: in addition to OpenSSL, lighttpd can be built against the openssl-compatibility layers provided by LibreSSL, BoringSSL, and wolfSSL.

#3

Updated by gstrauss 4 months ago

  • Status changed from New to Need Feedback

would be nice if lighttpd https support could be implemented with NSS alongside OpenSSL.
some new processors / crypto cards only have support for accelerating ssl through nss.

==> Is that still the case? Is there still interest in lighttpd supporting the Mozilla NSS crypto libraries?

If there is, please help document specific reasons why Mozilla NSS crypto libraries are the right or best choice.
There are numerous TLS implementations (https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations) and it takes quite a bit of effort to add lighttpd support.

Current links:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
https://nss-crypto.org/
https://pagure.io/mod_nss (Apache module)

.

Related: in addition to OpenSSL, lighttpd can be built against the openssl-compatibility layers provided by LibreSSL, BoringSSL, and wolfSSL.

Also, experimental support for mbedTLS is on my lighttpd development branch https://git.lighttpd.net/lighttpd/lighttpd1.4.git/?h=personal%2Fgstrauss%2Fmaster

#4

Updated by gstrauss 14 days ago

  • Status changed from Need Feedback to Patch Pending
  • Target version set to 1.4.56
  • ASK QUESTIONS IN Forums set to No

EXPERIMENTAL and INCOMPLETE mod_nss will be committed to the lighttpd master branch soon.

Overall, the NSS library is severely lacking in library documentation, as in non-existent besides brief doc for some tools built to use NSS.

My opinion: NSS is extremely unfriendly to develop against, moreso for server usage. NSS seems to have gotten more attention as a client library.

#5

Updated by gstrauss 3 days ago

  • Status changed from Patch Pending to Fixed

Also available in: Atom