Date:      Tue, 23 Aug 2016 20:54:35 +0100
From:      Matt Smith <fbsd@xtaz.co.uk>
To:        Roger Marquis <marquis@roble.com>
Cc:        ports@freebsd.org
Subject:   Re: Upcoming OpenSSL 1.1.0 release
Message-ID:  <20160823195434.GB98827@xtaz.uk>
References:  <6d35459045985929d061f3c6cca85efe@imap.brnrd.eu> <0E328A9485C47045F93C19AB@atuin.in.mat.cc> <20160823124201.GB48814@xtaz.uk>

On Aug 23 12:19, Roger Marquis wrote:
>Matt Smith wrote:
>>Going slightly off-topic, I'm curious what the opinion is around this
>>and LibreSSL.
>
>My organization evaluated this a few months ago and after a few diffs
>and code reviews decided that libressl was the future.  We updated
>poudriere and all make.confs, removed openssl, installed libressl and
>have had no issues.  We did the same with openntp a few months earlier
>and recommend both for any installation that needs good security.
>
>Roger

I have been running libressl-devel for the past few months and other 
than having to manually patch a few ports to get them to compile have 
also had no problems. However this was the case a few months ago. My 
questioning is specifically related to the upcoming OpenSSL 1.1 which in 
theory has had a lot of work done to it by a full-time paid team of 
developers.  In fact it was meant to be released back in May but was 
delayed specifically so that they could squash all remaining bugs. It 
would be interesting if somebody could audit the changes to see how it 
compares to LibreSSL after it's released.  There is a possibility that 
it may actually be the better path going forward.

-- 
Matt


