Arnt Gulbrandsen
2010-01-19

Switching to OpenSSL

Archiveopteryx uses OpenSSL by default starting with version 3.1.3. Sadly, it runs noticeably better than with Cryptlib.

Compatibility with other TLS stacks is clearly better. The Mozilla TLS stack works much better with Archiveopteryx now, ditto whatever Android uses.

Naturally we immediately ran into inexplicable OpenSSL behaviour. Mail sessions last rather longer than web sessions, so we thought we might extend the session cache's lifetime. OpenSSL can do that, the manual says so, but how does one get it to work?

I think Cryptlib might be a trademark, so maybe I'd better write Cryptlib. OpenSSL on the other hand is best written like this: OpenSSL.