compare with stunnel #198
Comments
To quote another security researcher,
Given the history of OpenSSL security flaws, I'd say that not relying on it (which stunnel does) was a good decision!
But from what I understand you do use OpenSSL for crypto, is that right? Are the concerns solely on TLS or X509 or what? :)
We use some of the basic crypto primitives; none of the higher level routines. Most of the worst bugs in OpenSSL have been protocol or parsing issues. That said, we should probably get some benchmarks done at some point.
Only the AES code; no SSL. It's easy to see what's at risk:
Those files are relatively short:
so it's easy to check them. And they don't involve a lot of OpenSSL code.
Hello!
Interesting project, I'm surprised that I didn't hear about it before! :) It would be great, for old graybeards like me, to see a comparison between spiped and stunnel. They both seem to serve similar purposes but I understand they differ in implementation (and maybe performance? or reliability?).
For someone used to deploying stunnel stuff everywhere, why would we switch to spiped?