On 10/29/17, Poul-Henning Kamp <p...@phk.freebsd.dk> wrote: > -------- > In message <df46aaa5-13a9-2fc6-bcd2-d57d79280...@metricspace.net>, Eric > McCorkl > e writes: >>On 10/28/2017 09:15, Poul-Henning Kamp wrote: >>> -------- >>> In message <20171028123132.gf96...@kduck.kaduk.org>, Benjamin Kaduk >>> writes: >>> >>>> I would say that the 1.1.x series is less bad, especially on the last >>>> count, >>>> but don't know how much you've looked at the differences in the new >>>> branch. >>> >>> While "less bad" is certainly a laudable goal for OpenSSL, I hope >>> FreeBSD has higher ambitions. >>> >> >>I'm curious about your thoughts on LibreSSL as a possible option. > > It retains the horrible APIs, so the potential improvement is finite. >
OpenBSD started the task of making OpenSSL easier to use by adding things like libtls (see https://man.openbsd.org/tls_init ) on top of their backwards-compatible libssl. There are similar efforts in other libraries like NaCl and its forks, such as libsodium ( cf. https://nacl.cr.yp.to/features.html and https://www.gitbook.com/book/jedisct1/libsodium/details ). Are these the kind of changes you are suggesting? Regards, b.f. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
