Practical Technology

for practical people.

GnuTLS: Big internal bugs, few real-world problems

According to some reports you’d think the security sky was falling. Yes, GnuTLS, an open-source “secure” communications library that implements \Secure-Socket Layer (SSL) and Transport Layer Security (TLS), has serious flaws. The good news? Almost no one uses it. OpenSSL has long been everyone’s favorite open-source security library of choice.

Red Hat discovered the latest in a long-series of GnuTLS bugs .

Latest? Yes, latest.

You see, GnuTLS has long been regarded as being a poor SSL/TLS security library. A 2008 message on the OpenLDAP mailing list had “GnuTLS considered harmful” as its subject — which summed it up nicely.

GnuTLS: Big internal bugs, few real-world problems. More>

Comments are closed.