[Dovecot] v2.1 memory usage

Ed W lists at wildgooses.com
Mon Nov 12 21:31:45 EET 2012


On 12/11/2012 04:13, Daniel L. Miller wrote:

> The tiny bit of Googling I've done tells me GnuTLS
> seems to be a more standards-compliant implementation, and MAY be
> "safer" than OpenSSL. However, as OpenSSL is the de-facto standard used
> by most Linux programs, acceptance of GnuTLS is quite limited. I've been
> intrigued by what I've read about it, and took a quick look at enabling
> support in Dovecot for GnuTLS directly - but while it didn't seem overly
> heavy at first glance the fact that Timo doesn't want to do it tells me
> I'm underestimating the complexity.
>

Openssl is a *massive* project and I'm unsure that gnutls is much 
smaller... We should assume that both are quite scary from a "security" 
point of view.  Licensing is the main thing which divides them, gnutls 
is stated as GPL compatible (however, the nominal incompatibility of 
openssl seems difficult to understand?)

OpenVPN integrated with PolarSSL and got Dutch government official 
approval for the combined package.  I think elsewhere it's stated that 
openssl would not have been approved because something like the codebase 
was too large to inspect and sign off
     http://polarssl.org/news?item=0132

I haven't worked with PolarSSL, so no idea, but it's massively smaller 
codebase is likely attractive if you are the kind of person who actually 
*does* security audits on the software you run in secure situations.

Openssl is just a complete swiss army knife of tools!

Ed W




More information about the dovecot mailing list