From The Linux Foundation
There is very high ISV demand for a crypto/SSL library of some kind. Several candidates are available:
- OpenSSL. This is the standard pretty much everyone uses. Its pros and cons are discussed on its page, but in a nutshell, binary compatibility remains the biggest hurdle to standardizing it.
- Mozilla NSS. This is attractive because several vendors, including Red Hat, are using it as the basis for future security efforts, and its obvious installed base (with Firefox and Thunderbird). It also appears to have been ABI-stable for a long time.
- GNU TLS. Contains a compatibility library somewhat-ABI-compatible with OpenSSL, but may not be mature or stable enough. Plus, the compatibility ABI may not be useful.