LibreSSL Continues Marching Forward On BSD Systems

Written by Michael Larabel in BSD on 29 September 2014 at 09:45 AM EDT.
Almost six months ago, OpenBSD developers forked OpenSSL into LibreSSL, and since then this new SSL alternative has continued to advance.

Ted Unangst of OpenBSD gave a talk this weekend in Bulgaria at EuroBSDcon 2014. For those not in attendance, Ted posted his remarks on a page entitled "LibreSSL: More Than 30 Days Later".

In the time that LibreSSL has been around, more than one hundred other vulnerabilities besides Heartbleed have had to be addressed. LibreSSL has been "gutting the junk" and rewriting lots of code along with adding new crypto features. The remarks also cover the portability of LibreSSL and the emergence of ressl as the new SSL API.

Ted explained, "Joel and I have been working on a replacement API for OpenSSL, appropriately entitled ressl. Reimagined SSL is how I think of it. Our goals are consistency and simplicity. In particular, we answer the question 'What would the user like to do?' and not 'What does the TLS protocol allow the user to do?'. You can make a secure connection to a server. You can host a secure server. You can read and write some data over that connection. A few goals. First, no OpenSSL types or functions are exposed. In fact, not even any ressl internals are exposed. You should never need to contemplate X.509 or ASN.1. Those are implementation details far beyond the level of caring of most developers or users. As a consequence of that, the API is easy for other languages to bind to. The ressl interface could almost equally well describe transport over ssh tunnels. What do you want? Do you want a secure connection? We give you a secure connection."