On 10/28/2017 09:15, Poul-Henning Kamp wrote:> -------- > In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin Kaduk writes: > >> I would say that the 1.1.x series is less bad, especially on the last count, >> but don't know how much you've looked at the differences in the new branch. > > While "less bad" is certainly a laudable goal for OpenSSL, I hope > FreeBSD has higher ambitions. >I'm curious about your thoughts on LibreSSL as a possible option.
-------- In message <df46aaa5-13a9-2fc6-bcd2-d57d792800eb at metricspace.net>, Eric McCorkl e writes:>On 10/28/2017 09:15, Poul-Henning Kamp wrote: >> -------- >> In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin Kaduk writes: >> >>> I would say that the 1.1.x series is less bad, especially on the last count, >>> but don't know how much you've looked at the differences in the new branch. >> >> While "less bad" is certainly a laudable goal for OpenSSL, I hope >> FreeBSD has higher ambitions. >> > >I'm curious about your thoughts on LibreSSL as a possible option.It retains the horrible APIs, so the potential improvement is finite. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
On Sat, Oct 28, 2017 at 08:36:01PM -0400, Eric McCorkle wrote:> On 10/28/2017 09:15, Poul-Henning Kamp wrote: > > -------- > > In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin Kaduk writes: > > > >> I would say that the 1.1.x series is less bad, especially on the last count, > >> but don't know how much you've looked at the differences in the new branch. > > > > While "less bad" is certainly a laudable goal for OpenSSL, I hope > > FreeBSD has higher ambitions. > > > > I'm curious about your thoughts on LibreSSL as a possible option.I haven't been following LibreSSL enough to have an informed opinion, but my uninformed opinion was that OpenSSL proper has been proceeding with modernization at a faster pace than LibreSSL. -Ben
On 29/10/17 8:36 am, Eric McCorkle wrote:> On 10/28/2017 09:15, Poul-Henning Kamp wrote: >> -------- >> In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin Kaduk writes: >> >>> I would say that the 1.1.x series is less bad, especially on the last count, >>> but don't know how much you've looked at the differences in the new branch. >> While "less bad" is certainly a laudable goal for OpenSSL, I hope >> FreeBSD has higher ambitions. >> > I'm curious about your thoughts on LibreSSL as a possible option.what gives any evidence as to it being any better?> _______________________________________________ > freebsd-security at freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"