On 29 October 2017 at 15:17, Eric McCorkle <e...@metricspace.net> wrote: > On 10/29/2017 09:46, bf wrote: >> On 10/29/17, Poul-Henning Kamp <p...@phk.freebsd.dk> wrote: >>> -------- >>> In message <df46aaa5-13a9-2fc6-bcd2-d57d79280...@metricspace.net>, Eric >>> McCorkl >>> e writes: >>>> On 10/28/2017 09:15, Poul-Henning Kamp wrote: >>>>> -------- >>>>> In message <20171028123132.gf96...@kduck.kaduk.org>, Benjamin Kaduk >>>>> writes: >>>>> >>>>>> I would say that the 1.1.x series is less bad, especially on the last >>>>>> count, >>>>>> but don't know how much you've looked at the differences in the new >>>>>> branch. >>>>> >>>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope >>>>> FreeBSD has higher ambitions. >>>>> >>>> >>>> I'm curious about your thoughts on LibreSSL as a possible option. >>> >>> It retains the horrible APIs, so the potential improvement is finite. >>> >> >> OpenBSD started the task of making OpenSSL easier to use by adding >> things like libtls >> >> (see https://man.openbsd.org/tls_init ) >> >> on top of their backwards-compatible libssl. There are similar >> efforts in other libraries like NaCl and its forks, such as libsodium >> ( cf. https://nacl.cr.yp.to/features.html and >> https://www.gitbook.com/book/jedisct1/libsodium/details ). Are these >> the kind of changes you are suggesting? > > I know the LibreSSL roadmap includes more plans to improve the API > design to make it more usable. > > Overall, I think LibreSSL is the best option, though there needs to be > some investigation into how easily it can be used for kernel and > boot-loader purposes. Things like libsodium are too narrow in their > focus, and BearSSL is too new. > > Plus the fact that LibreSSL originates from one of the BSDs and has its > backing is a significant advantage, I think.
Mostly it originates from OpenSSL. :-) _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
