Upcoming OpenSSL 1.1.0 release
Matt Smith
fbsd at xtaz.co.uk
Tue Aug 23 20:02:10 UTC 2016
On Aug 23 12:19, Roger Marquis wrote:
>Matt Smith wrote:
>>Going slightly off-topic, I'm curious what the opinion is around this
>>and LibreSSL.
>
>My organization evaluated this a few months ago and after a few diffs
>and code reviews decided that libressl was the future. We updated
>poudriere and all make.confs, removed openssl, installed libressl and
>have had no issues. We did the same with openntp a few months earlier
>and recommend both for any installation that needs good security.
>
>Roger
I have been running libressl-devel for the past few months and other
than having to manually patch a few ports to get them to compile have
also had no problems. However this was the case a few months ago. My
questioning is specifically related to the upcoming OpenSSL 1.1 which in
theory has had a lot of work done to it by a full-time paid team of
developers. In fact it was meant to be released back in May but was
delayed specifically so that they could squash all remaining bugs. It
would be interesting if somebody could audit the changes to see how it
compares to LibreSSL after it's released. There is a possibility that
it may actually be the better path going forward.
--
Matt
More information about the freebsd-ports
mailing list