LibreSSL Continues Marching Forward On BSD Systems

Written by Michael Larabel in BSD on 29 September 2014 at 09:45 AM EDT. 2 Comments
Almost six months ago OpenBSD developers forked OpenSSL into LibreSSL and since then this new SSL alternative continues to advance.

Ted Unangst of OpenBSD gave a talk this weekend in Bulgaria at EuroBSDcon 2014. For those not in attendance, Ted posted his remarks to this page entitled LibreSSL: More Than 30 Days Later.

In the time that LibreSSL has been around more than one hundred other vulnerabilities besides Heartbleed have had to be addressed. LibreSSL has been "gutting the junk" and rewriting lots of code along with adding new crypto features. The comments also cover the portability of LibreSSL and ressl coming about as the new SSL API.

Ted explained, "Joel and I have been working on a replacement API for OpenSSL, appropriately entitled ressl. Reimagined SSL is how I think of it. Our goals are consistency and simplicity. In particular, we answer the question 'What would the user like to do?' and not 'What does the TLS protocol allow the user to do?'. You can make a secure connection to a server. You can host a secure server. You can read and write some data over that connection. A few goals. First, no OpenSSL types or functions are exposed. In fact, not even any ressl internals are exposed. You should never need to contemplate X.509 or ASN.1. Those are implementation details far beyond the level of caring of most developers or users. As a consequence of that, the API is easy for other languges to bind to. The ressl interface could almost equally well describe transport over ssh tunnels. What do you want? Do you want a secure connection? We give you a secure connection."
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week