OpenSSL 3.4 Alpha 1 Released With New Features


  • OpenSSL 3.4 Alpha 1 Released With New Features

    Phoronix: OpenSSL 3.4 Alpha 1 Released With New Features

    The first alpha release of OpenSSL 3.4 is now available for testing as the next feature update to this widely-used SSL library / cryptography toolkit...


  • #2
    With all the Rust articles lately I wonder how long until we get the headline:
    Fedora 43 exploring using RustTLS to replace OpenSSL
    We shouldn't have memory unsafe code doing cryptography!



    • #3
      Originally posted by ahrs
      With all the Rust articles lately I wonder how long until we get the headline:


      We shouldn't have memory unsafe code doing cryptography!
      Because SSL is actually important and needs to exist almost anywhere.

      You don't have important software that needs to exist almost anywhere implemented in Rust.

      Originally posted by ahrs
      RustTLS
      Heh. RustTLS is just a thick binding on top of OpenSSL (which is written in C)... with a disgusting, unauditable number of dependencies. Any cryptography it does is memory unsafe (and in many cases type unsafe due to the binding process).
      Last edited by kpedersen; 05 September 2024, 03:48 PM.



      • #4
        OpenSSL now supports building Position Independent Executables (PIE) with a new "enable-pie" configuration option to support Address Space Layout Randomization (ASLR) with the OpenSSL executable.
        Somewhat surprised that wasn't already in place, admittedly perhaps not the most juicy attack surface it might seem but still.



        • #5
          Originally posted by kpedersen

          Because SSL is actually important and needs to exist almost anywhere.

          You don't have important software that needs to exist almost anywhere implemented in Rust.

          Heh. RustTLS is just a thick binding on top of OpenSSL (which is written in C)... with a disgusting, unauditable number of dependencies. Any cryptography it does is memory unsafe (and in many cases type unsafe due to the binding process).
          So just like the Rust support in the kernel then…

          I was mostly joking but you'd think somebody would be interested in writing safe cryptography primitives by now. What do operating systems like Redox use? I assume it supports some sort of system cryptography library.

          In all seriousness though a distro could adopt it if they wanted to. Curl has support for using it and other applications could be adapted:



          • #6
            I believe "safe" languages like Java have cryptography libraries. Most people in "native land" fall back to OpenSSL because it is low on dependencies. For many use-cases, clean integration is more important than stronger safety guarantees.

            Originally posted by ahrs
            So just like the Rust support in the kernel then…
            We still only need a C compiler to build the default upstream kernel. I don't think that will change in our lifespan.
            Last edited by kpedersen; 06 September 2024, 09:36 AM.



            • #7
              Java had the Java Cryptography Architecture, assume it still has it.



              • #8
                Originally posted by kpedersen
                Heh. RustTLS is just a thick binding on top of OpenSSL (which is written in C)... with a disgusting, unauditable number of dependencies. Any cryptography it does is memory unsafe (and in many cases type unsafe due to the binding process).
                Are you trolling? That's used by the `openssl` dep, which is only then used by `rustls-openssl-tests` dep which you can see is only used here, and in the CI to run those tests.

                There is no actual dependency to OpenSSL for using RustTLS, you're spreading misinformation.
