From: "Heikki Linnakangas" <hlinnakangas@vmware.com>
> Thoughts? While we're at it, we'll probably want to refactor things so
> that it's easy to support other SSL implementations too, like gnutls.
That may be good because it provides users with choices. But I wonder if it
is worth the complexity and maintainability of PostgreSQL code.
* Are SChannel and other libraries more secure than OpenSSL? IIRC, recently
I read in the news that GnuTLS had a vulnerability. OpenSSL is probably the
most widely used library, and many people are getting more interested in its
quality. I expect the quality will improve thanks to the help from The
Linux foundation and other organizations/researchers.
* Do other libraries get support from commercial vendor product support?
For example, Safenet Inc., the famous HSM (hardware security module) vendor,
supports OpenSSL to access the private key stored in its HSM product. Intel
offered AES-NI implementation code to OpenSSL community. I guess OpenSSL
will continue to be the most functional and obtain the widest adoption and
support.
Regards
MauMau
