According to some reports you’d think the security sky was falling. Yes, GnuTLS, an open-source “secure” communications library that implements \Secure-Socket Layer (SSL) and Transport Layer Security (TLS), has serious flaws. The good news? Almost no one uses it. OpenSSL has long been everyone’s favorite open-source security library of choice.
Red Hat discovered the latest in a long-series of GnuTLS bugs .
Latest? Yes, latest.
You see, GnuTLS has long been regarded as being a poor SSL/TLS security library. A 2008 message on the OpenLDAP mailing list had “GnuTLS considered harmful” as its subject — which summed it up nicely.