I went through a lengthy process removing mod_ssl and replaced it with gnutls because I wanted to use TLS 1.3.
The difference I’ve noticed is gnutls doesn’t support older, legacy methods, only new ones.
OpenSSL supports them all. Is that a better choice? I could find very little support configuring with gnutls and Apache other than the RTFM pages.
Cons pro? Should I move back to mod_ssl? I'm leaning towards, I made a mistake with GnuTLS just for TLS 1.3 and to get a good security ranking score.
CodePudding user response:
Most people use OpenSSL, and it has been updated to work with newer versions of TLS as well as older versions (backwards compatibility).
As far as which is better, I don't know, but most use OpenSSL.
And regarding "Server Fault" in the comment, the user could have been more informative, and likely was referring to the domain, serverfault.com, which they did not elaborate to, making it confusing.