Crypto overhaul
bf
bf1783 at gmail.com
Sun Oct 29 13:46:35 UTC 2017
On 10/29/17, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> --------
> In message <df46aaa5-13a9-2fc6-bcd2-d57d792800eb at metricspace.net>, Eric
> McCorkl
> e writes:
>>On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>> --------
>>> In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin Kaduk
>>> writes:
>>>
>>>> I would say that the 1.1.x series is less bad, especially on the last
>>>> count,
>>>> but don't know how much you've looked at the differences in the new
>>>> branch.
>>>
>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>> FreeBSD has higher ambitions.
>>>
>>
>>I'm curious about your thoughts on LibreSSL as a possible option.
>
> It retains the horrible APIs, so the potential improvement is finite.
>
OpenBSD started the task of making OpenSSL easier to use by adding
things like libtls
(see https://man.openbsd.org/tls_init )
on top of their backwards-compatible libssl. There are similar
efforts in other libraries like NaCl and its forks, such as libsodium
( cf. https://nacl.cr.yp.to/features.html and
https://www.gitbook.com/book/jedisct1/libsodium/details ). Are these
the kind of changes you are suggesting?
Regards,
b.f.
More information about the freebsd-arch
mailing list