Re: [hackers] Updating SSL patch for ii.

From: Marc Collin <marc.collin7_AT_gmail.com>
Date: Sun, 29 Jan 2017 23:29:09 -0200

Void Linux has used LibreSSL by default since 2014.

http://www.voidlinux.eu/news/2014/08/LibreSSL-by-default.html



On Sun, Jan 29, 2017 at 11:27 PM, Marc Collin <marc.collin7_AT_gmail.com> wrote:
> Alpine Linux has used LibreSSL by default since October.
>
> https://lists.alpinelinux.org/alpine-devel/5463.html
>
>
>
> On Sun, Jan 29, 2017 at 8:49 PM, Quentin Rameau <quinq_AT_fifth.space> wrote:
>> On Sun, 29 Jan 2017 23:38:17 +0100
>> Laslo Hunhold <dev_AT_frign.de> wrote:
>>
>>> On Sun, 29 Jan 2017 17:16:55 -0500
>>> "S. Gilles" <sgilles_AT_math.umd.edu> wrote:
>>>
>>> Hey,
>>>
>>> > On my Linux system (Gentoo), it's available as part of the libressl
>>> > package. It even seems to have manpages taken directly from
>>> > OpenBSD.
>>>
>>> I'm running Gentoo as well and should've given the libressl-ebuild
>>> more consideration. To be honest, making the switch from OpenSSL to
>>> LibreSSL is still non-trivial, but there is progress.
>>>
>>> I was wondering if it even works with OpenSSL. Looking at tls.c, it's
>>> using tls_internal.h, which makes me assume that it's closely bound to
>>> LibreSSL. I follow LibreSSL-development very closely and am shocked at
>>> what state the OpenSSL-codebase was/is.
>>> Every developer working on LibreSSL is doing god's work and for good
>>> reason more and more independent security researchers are sending
>>> their patches to the LibreSSL-team instead of the OpenSSL-team, whose
>>> sole purpose at the time when Heartbleed was discovered in 2014
>>> seemed to be to give FIPS-seminars and raise funds.
>>> It speaks for itself that issues in their bugtracker were ignored, to
>>> the point that the LibreSSL-devs went through it and applied the
>>> fixes themselves. Also take a look at the significant number of CVEs
>>> in the last years which LibreSSL wasn't affected by because they
>>> deployed good coding measures, removed cruft and generally put more
>>> trust in the underlying operating system to provide good random data,
>>> a good memory allocator and so on.
>>>
>>> What is truly remarkable is the fact that such a little team around
>>> Bob Beck was able to pull this off so efficiently.
>>>
>>> I wonder why there is not even more effort to adopt LibreSSL in the
>>> major Linux distributions. I think it's just a matter of time until we
>>> see the next major security hole in OpenSSL.
>>>
>>> Cheers
>>>
>>> Laslo
>>>
>>
>> Cool story, bro
>>
Received on Mon Jan 30 2017 - 02:29:09 CET
