OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: bmail on April 23, 2019, 10:28:16 am

Title: [solved]OpenSSL or LibreSSL
Post by: bmail on April 23, 2019, 10:28:16 am

Hello,

Small and perhaps silly question:

Is it possible and safe to swith from OpenSSL to LibreSSL for the choice of the firmware cryptography flavour (firmware > parameters) ?

Present Release: 19.1.6 running with OpenSSL

Purpose: to get closer to the work of OpenBSD team.

Thanks a lot for your advices

Title: Re: OpenSSL or LibreSSL
Post by: chemlud on April 23, 2019, 11:05:23 am

I'm using LibreSSL on 2 installs with openVPN tunnels. Only problem is with unbound and DNS-over-TLS, otherwise doing fine...

Title: Re: OpenSSL or LibreSSL
Post by: bmail on April 23, 2019, 05:18:54 pm

Hello Chemlud,

Thanks for sharing your experience.
For the moment I use unbound without TLS, so that should work.

But, can I now, safely, switch (in the gui) to  LibreSSL without breaking anything. I suppose this will be taken into account after the next update, and not right now.

Thanks.

Title: Re: OpenSSL or LibreSSL
Post by: chemlud on April 23, 2019, 05:28:55 pm

I switched to LibreSSL last year without any trouble. What happenz nowadays if you switch? I would assume that nothing will break. But I'm not an insurance company... :-D

Title: Re: OpenSSL or LibreSSL
Post by: fabian on April 23, 2019, 05:30:00 pm

As far as I know there may be also a problem with wireguard (or was it another plugin?) if I remember that correctly that it is not available in LibreSSL. There is no problem to expect with the major plugins.

Title: [solved]Re: OpenSSL or LibreSSL
Post by: bmail on April 23, 2019, 05:55:08 pm

OK, thanks to all !

I'm going to test openvpn and squid ssl inspection within a test environment.

Have a good day.
Best regards
Bertrand