Wichert Akkerman wichert at
Tue Mar 24 20:09:20 CET 2009

Previously Alan DeKok wrote:
> Carolin Latze wrote:
> > I was searching for some time now and I found a lot of messages from
> > people who wanted to replace the OpenSSL dependencies in FreeRADIUS with
> > GnuTLS. But so far it seems, that nobody really did that, is that right?
> > Or has there been work on that and it failed for some reason? To be
> > honest I have absolutely no idea how complicated that will be but at
> > least I don't expect it to be easy. :)
>   It's hard.  The GNUTLS stuff contains wrappers for OpenSSL.  However,
> they also got a number of things in their API wrong. (From what I recall
> about the last time I checked).  This made using GnuTLS difficult.

I've also seen a lot of timeout-related problems with MTAs compiled to
use GNUTLS. Given the choice I'ld recommend everyone to use OpenSSL


Wichert Akkerman <wichert at>    It is simple to make things.                   It is hard to make things simple.

More information about the Freeradius-Devel mailing list