Re: [hackers] Updating SSL patch for ii.

From: Marc Collin <>
Date: Sun, 29 Jan 2017 23:27:41 -0200

Alpine Linux uses LibreSSL by default since October.

On Sun, Jan 29, 2017 at 8:49 PM, Quentin Rameau <> wrote:
> On Sun, 29 Jan 2017 23:38:17 +0100
> Laslo Hunhold <> wrote:
>> On Sun, 29 Jan 2017 17:16:55 -0500
>> "S. Gilles" <> wrote:
>> Hey,
>> > On my Linux system (Gentoo), it's available as part of the libressl
>> > package. It even seems to have manpages taken directly from
>> > OpenBSD.
>> I'm running Gentoo as well and should've given the libressl-ebuild
>> more consideration. To be honest, making the switch from OpenSSL to
>> LibreSSL is still non-trivial, but there is progress.
>> I was wondering if it even works with OpenSSL. Looking at tls.c, it's
>> using tls_internal.h, which makes me assume that it's closely bound to
>> LibreSSL. I follow LibreSSL-development very closely and am shocked at
>> what state the OpenSSL-codebase was/is in.
>> Every developer working on LibreSSL is doing god's work and for good
>> reason more and more independent security researchers are sending
>> their patches to the LibreSSL-team instead of the OpenSSL-team, whose
>> sole purpose at the time when Heartbleed was discovered in 2014
>> seemed to be to give FIPS-seminars and raise funds.
>> It speaks for itself that issues in their bugtracker were ignored, to
>> the point that the LibreSSL-devs went through it and applied the
>> fixes themselves. Also take a look at the significant number of CVEs
>> in the last years which LibreSSL wasn't affected by because they
>> deployed good coding measures, removed cruft and generally put more
>> trust in the underlying operating system to provide good random data,
>> a good memory allocator and so on.
>> What is truly remarkable is the fact that such a little team around
>> Bob Beck was able to pull this off so efficiently.
>> I wonder why there is not even more effort to adopt LibreSSL in the
>> major Linux distributions. I think it's just a matter of time until we
>> see the next major security hole in OpenSSL.
>> Cheers
>> Laslo
> Cool story, bro
Received on Mon Jan 30 2017 - 02:27:41 CET
