https://lwn.net/Articles/486369/ This is a special feed containing comments posted to the individual LWN article titled "OpenSSL and IPv6". en-us Sat, 08 Nov 2025 10:52:06 +0000 Sat, 08 Nov 2025 10:52:06 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/685152/ https://lwn.net/Articles/685152/ ukleinek <div class="FormattedComment"> This seems to be finally fixed with openssl 1.1.0-pre3 (commit ab69ac00f3c7 ("Refactoring BIO: Adapt s_client and s_server"))<br> <p> \o/<br> </div> Tue, 26 Apr 2016 17:57:37 +0000 https://lwn.net/Articles/605645/ https://lwn.net/Articles/605645/ nix <div class="FormattedComment"> Full deployment of IPv6 is, as ever, fifty years away :P<br> </div> Wed, 16 Jul 2014 18:40:59 +0000 https://lwn.net/Articles/605078/ https://lwn.net/Articles/605078/ wicky <div class="FormattedComment"> <p> It's 2014 and nothing changed! <br> </div> Fri, 11 Jul 2014 06:32:17 +0000 https://lwn.net/Articles/486767/ https://lwn.net/Articles/486767/ ncm <div class="FormattedComment"> Thank you, this is news to me. It means I can use it in places where I thought I was obliged to use OpenSSL.<br> </div> Thu, 15 Mar 2012 21:38:41 +0000 https://lwn.net/Articles/486741/ https://lwn.net/Articles/486741/ scientes <div class="FormattedComment"> or the AF_ALG crypto kernel user-space API, for hardware that can only work through kernel-mode. (this interface was covered by LWN a few months ago, its in 2.6.38)<br> <p> <a href="http://carnivore.it/2011/04/23/openssl_-_af_alg">http://carnivore.it/2011/04/23/openssl_-_af_alg</a><br> <p> (also could be used for AES-IS, but that would not be optimum)<br> </div> Thu, 15 Mar 2012 19:45:04 +0000 https://lwn.net/Articles/486655/ https://lwn.net/Articles/486655/ giggls <div class="FormattedComment"> When I first stumbled upon gnutls a few years ago I really hate it because Debian just linked everything against it despite the fact that it just did not work that well.<br> <p> But since then gnutls seems to have come along way. Gnutls has full native pkcs11 support (required for smartcards); another thing openssl is lacking.<br> <p> Sven<br> </div> Thu, 15 Mar 2012 14:40:49 +0000 https://lwn.net/Articles/486618/ https://lwn.net/Articles/486618/ wingo <div class="FormattedComment"> A nitpick: GnuTLS is licensed under the LGPLv3+, which is a less onerous license to comply with than OpenSSL's license.<br> </div> Thu, 15 Mar 2012 12:45:38 +0000 https://lwn.net/Articles/486585/ https://lwn.net/Articles/486585/ ncm <div class="FormattedComment"> Speaking of long-delayed patches, is 1.0.1 supposed to be able to use the AES instructions supported in modern CPUs?<br> </div> Thu, 15 Mar 2012 08:25:57 +0000 https://lwn.net/Articles/486569/ https://lwn.net/Articles/486569/ Comet <div class="FormattedComment"> If you want to use the OpenSSL libraries from the command-line, I recommend socat(1), which lets you plumb up readline on the local side to SSL remotely (and a lot more besides).<br> <p> Even though I routinely use OpenSSL as the SSL provider for Exim (which supports either OpenSSL or GnuTLS, compile-time decision), for *testing* I routinely use GnuTLS's gnutls-cli(1). It's way better than s_client(1) or socat(1) for development testing in protocol work, simply because the --starttls mode doesn't presume to handle layer-7 negotiation for you. Instead, you just send an EOF at the point where you want protocol negotiation to start. With SMTP and IMAP both, this is so markedly better than the alternatives that there's little basis for comparison.<br> </div> Thu, 15 Mar 2012 05:49:25 +0000