Bob's slides from BSDCan Ottawa 2014 are interesting and can be found in full via OpenBSD.org. Some highlights from the presentation on LibreSSL include:
- The "perfect storm" happened for OpenSSL with developers being concerned about adding features and not fixing/maintaining, fixes not being merged upstream, bug rot for years, and horrible code.
- LibreSSL is still after maintaining API/ABI compatibility with OpenSSL so it can be a drop-in replacement.
- OpenBSD developers have found numerous faults with OpenSSL and the decisions made by its developers.
- They have already fixed many bugs and have about a half-million line unidiff from OpenSSL 1.0.1g from where they forked.
- New ciphers for Brainpool, ChaCha, poly1305, and ANSSI FRP256v1 have been added to LibreSSL.
- LibreSSL accuses the OpenSSL Foundation as being a front for the FIPS consultancy.
- Long term goals of LibreSSL are a better API, reduced code-base, splitting libcrypto from libssl, and splitting non-cryptography tasks from libcrypto.
- The Linux Foundation has not committed support to LibreSSL although they are now funding OpenSSL via their core infrastructure initiative.