librelist archives

OpenBSD Project forked LibreSSL from OpenSSL

From: Siju George
Date: 2014-04-24 @ 04:59

Hi,

LibreSSL will be maintained by the OpenBSD project, just like

   1. OpenSSH <http://www.openssh.com/>,
   2. OpenBGPD <http://www.openbgpd.org/>,
   3. OpenNTPD <http://www.openntpd.org/>,
   4. OpenSMTPD <http://www.opensmtpd.org/>,
   5. OpenIKED <http://www.openiked.org/>,
   6. mandoc <http://mdocml.bsd.lv/>


http://www.libressl.org
http://undeadly.org/cgi?action=article&sid=20140423045847&mode=flat&count=42

Re: [ilugcochin] OpenBSD Project forked LibreSSL from OpenSSL

From: Pirate Praveen
Date: 2014-04-24 @ 07:44

On Thursday 24 April 2014 10:29 AM, Siju George wrote:
> HI,
> 
> LibreSSL will be maintained by the OpenBSD project Just like 
> 
>  1. OpenSSH <http://www.openssh.com/>, 
>  2. OpenBGPD <http://www.openbgpd.org/>, 
>  3. OpenNTPD <http://www.openntpd.org/>, 
>  4. OpenSMTPD <http://www.opensmtpd.org/>, 
>  5. OpenIKED <http://www.openiked.org/>, 
>  6. mandoc <http://mdocml.bsd.lv/> 
> 
> 
> http://www.libressl.org <http://www.libressl.org/>
> http://undeadly.org/cgi?action=article&sid=20140423045847&mode=flat&count=42

There are a lot of complaints about OpenSSL code quality in Debian, and
hopefully LibreSSL will improve the quality and we will have an OpenSSL
alternative with good coverage. There are other implementations like
GnuTLS, PolarSSL, NSS etc., but except for NSS the others don't have good
coverage of the TLS protocol implementation. It would also take effort to
port applications to use any new TLS implementation, as the majority of the
code is written for OpenSSL. But with bugs like Heartbleed, we have no
choice but to have better TLS implementations.

Thanks for sharing this info.

Re: [ilugcochin] OpenBSD Project forked LibreSSL from OpenSSL

From: Bobinson K B
Date: 2014-04-24 @ 08:50

Thanks for the info Sijo.

@Praveen,

"It would also take effort to
port applications to use any new TLS implementation, as the majority of the
code is written for OpenSSL."

LibreSSL can implement wrap-around functions to ensure backward
compatibility, right? Or is it much more difficult than that?

Re: [ilugcochin] OpenBSD Project forked LibreSSL from OpenSSL

From: Pirate Praveen
Date: 2014-04-24 @ 09:25

On Thursday 24 April 2014 02:20:41 PM IST, Bobinson K B wrote:
> LibreSSL can implement wrap-around functions to ensure backward
> compatibility, right? Or is it much more difficult than that?

I hope they make it a drop-in replacement for OpenSSL. Moving to GnuTLS
or NSS requires considerable changes to code. Fedora attempted to use NSS
by default but that effort has stalled. You can read the rationale here:
https://fedoraproject.org/wiki/FedoraCryptoConsolidation

Re: [ilugcochin] OpenBSD Project forked LibreSSL from OpenSSL

From: Bobinson K B
Date: 2014-04-24 @ 10:04

Thanks! It was very informative. A "drop-in replacement" may be too
difficult to achieve. PubSub models can save us from these sorts of issues,
IMHO. I am not familiar with how these libraries are written, but is a
publisher-subscriber model or something like a RESTful model possible? Is
that what services like XDMCP do?