Date:      Tue, 31 Oct 2017 12:09:43 +0000
From:      Ben Laurie <ben@links.org>
To:        Eric McCorkle <eric@metricspace.net>
Cc:        Julian Elischer <julian@elischer.org>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Benjamin Kaduk <bjk@freebsd.org>,  "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>,  "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>,  "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject:   Re: Crypto overhaul
Message-ID:  <CAG5KPzzkSz93dO9F0vuKtvVQdZgfTTsnh1dzX4iqCkEHmxXjTQ@mail.gmail.com>
In-Reply-To: <cfa28da2-0a4b-c6b9-2e22-3fbb1bbc9394@metricspace.net>
References:  <dc08792a-3215-611c-eb9f-4936a0d621f9@metricspace.net> <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q@mail.gmail.com> <13959.1509132270@critter.freebsd.dk> <CAG5KPzxGtAwV-svCv24FbZtLvxKCwX7OSyb2pPaTc63EUmFFGA@mail.gmail.com> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> <df46aaa5-13a9-2fc6-bcd2-d57d792800eb@metricspace.net> <e83f9add-d6d4-494d-669a-215765c0b5eb@elischer.org> <cfa28da2-0a4b-c6b9-2e22-3fbb1bbc9394@metricspace.net>

On 31 October 2017 at 11:48, Eric McCorkle <eric@metricspace.net> wrote:
> On 10/30/2017 04:05, Julian Elischer wrote:
>> On 29/10/17 8:36 am, Eric McCorkle wrote:
>>> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>>> --------
>>>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk
>>>> writes:
>>>>
>>>>> I would say that the 1.1.x series is less bad, especially on the
>>>>> last count, but don't know how much you've looked at the
>>>>> differences in the new branch.
>>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>>> FreeBSD has higher ambitions.
>>>>
>>> I'm curious about your thoughts on LibreSSL as a possible option.
>>
>> What gives any evidence as to it being any better?
>
> At least as of about its first year and a half, LibreSSL had a markedly
> better track record than OpenSSL (zero high-severity CVEs vs 5 from
> OpenSSL, about half as many mid- and low-security CVEs).

Not getting CVEs doesn't mean not having the issues:
https://marc.info/?l=openbsd-announce&m=140752800525709.


