[Privoxy-devel] mbedtls-3.0 support

Fabian Keil fk at fabiankeil.de
Mon Dec 13 17:04:32 UTC 2021


Andrew Savchenko <bircoph at gmail.com> wrote on 2021-12-13 at 19:26:41:

> mbedtls-3.0 is available. Please consider migration or at least
> adding its support:
> https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guide.md

Thanks for the suggestion.

While I'm not opposed to adding optional support for MbedTLS 3.0
I think it's worth mentioning that it has a less attractive license
from Privoxy's GPLv2+ point of view.

Usually MbedTLS is not part of the operating system so
the fact that "newer releases (since 2.17) are distributed
under Apache license only" is inconvenient for people who
want to distribute Privoxy binaries to third parties:
<https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-October/000213.html>

There is also work in progress to add wolfSSL support and once
the support is available I'd expect most MbedTLS users to switch.

wolfSSL continues to be available under the GPLv2, it supports
TLSv1.3 (and supposedly some "post-quantum" stuff) and it seems
to generally perform better than MbedTLS (on my amd64 systems):
<https://www.fabiankeil.de/gehacktes/privoxy-tls-benchmarks/>

Fabian