On 10/29/17, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> --------
> In message <df46aaa5-13a9-2fc6-bcd2-d57d792800eb at metricspace.net>, Eric McCorkle writes:
>>On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>>> --------
>>> In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin Kaduk writes:
>>>
>>>> I would say that the 1.1.x series is less bad, especially on the last
>>>> count, but don't know how much you've looked at the differences in the
>>>> new branch.
>>>
>>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>>> FreeBSD has higher ambitions.
>>>
>>
>>I'm curious about your thoughts on LibreSSL as a possible option.
>
> It retains the horrible APIs, so the potential improvement is finite.
>
OpenBSD started the task of making OpenSSL easier to use by adding
things like libtls (see https://man.openbsd.org/tls_init ) on top of
their backwards-compatible libssl. There are similar efforts in other
libraries like NaCl and its forks, such as libsodium
(cf. https://nacl.cr.yp.to/features.html and
https://www.gitbook.com/book/jedisct1/libsodium/details ). Are these
the kind of changes you are suggesting?

Regards,
b.f.