OpenConnect 5.99 release

Mike Miller mtmiller at ieee.org
Thu Mar 6 08:36:54 EST 2014


On Thu, Mar 06, 2014 at 09:08:32 +0000, David Woodhouse wrote:
> This does raise the question of whether we should consider dropping
> GnuTLS 2.x support altogether. There's a bunch of evil in the
> certificate handling code — especially for the TPM — which could be
> dropped. And anyone using GnuTLS 2.x, unless they eschew DTLS
> completely, is going to have to link against OpenSSL *anyway*.
> 
> The disadvantages are that existing GnuTLS 2.x users would lose PKCS#11
> support, and the licensing issue of using OpenSSL from within KDE's
> NetworkManager tool.
> 
> Any idea how long you're going to need to support GnuTLS 2.x?

AIUI the remaining blocker is the licensing on GMP. There was a
discussion about this a couple of months ago [1][2], and it sounded like
once we have a GMP 5.2 release that is compatible with GPLv2+, we should
be able to make GnuTLS 3 the default.

[1] https://lists.debian.org/debian-devel/2013/12/msg00329.html
[2] https://lists.debian.org/debian-devel/2014/01/msg00538.html

-- 
mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20140306/f71dd38f/attachment.sig>


More information about the openconnect-devel mailing list