Comment 16 for bug 1099755

Anders Kaseorg (andersk) wrote : Re: Upgrade wpa_supplicant from 1.0 to 2.0

Yeah, I would suggest sticking with OpenSSL for now. Fewer changes at a time is good. Then you can work with upstream to get input on those 4 bugs—actually they’re all the same bug, since they’ve been merged together—and if gnutls is really the right solution, work with upstream to get the code up to production quality.

(I haven’t looked at the bug in detail, but what it looks like on the surface is that OpenSSL has better security features enabled by default, such as BEAST attack mitigation, that may interfere with old networks with buggy SSL implementations. If that’s what’s going on, the right answer is to get those networks fixed, but it should also be possible to optionally disable those better security features in OpenSSL.)