https://www.openssl.org/blog/blog/2021/11/24/hiring-manager-and-developer/
Quote...
Advantageous, but not required are:
an understanding of Cryptography;
an ability to write secure code;...
No further questions....
Maybe they will teach that anyway, so that might be the reason. However, it would make sense to write it differently then, as that way it is bad for the reputation.
BTW: Fefe commented on that similarly to you:
http://blog.fefe.de/?ts=9f619581
crypto and "good programming practices" as training-on-the-job with the track record openssl has? I'm not convinced... :-D
Read this recently and it seems that big money succeeded in reviving OpenSSL and LibreSSL is being sidelined more and more due to this. It's been a good couple of years but we also can't keep up our efforts forever.
https://lwn.net/Articles/841664/
Cheers,
Franco
@franco I think the problem is a different one. Since the APIs are different, so that LibreSSL is not an entire drop-in replacement for OpenSSL, it fails because it was not really adopted by open source projects depending on OpenSSL.
Also, LibreSSL did not support TLS 1.3 for a long time, so I guess there was a big difference in the expectations of the OpenBSD developers (maximum stability and security) and the developers out there working with it (the support of current features also counts).
Quote from: fabian on November 30, 2021, 05:56:22 PM
@franco I think the problem is a different one. Since the APIs are different, so that LibreSSL is not an entire drop-in replacement for OpenSSL, it fails because it was not really adopted by open source projects depending on OpenSSL.
Also, LibreSSL did not support TLS 1.3 for a long time, so I guess there was a big difference in the expectations of the OpenBSD developers (maximum stability and security) and the developers out there working with it (the support of current features also counts).
If I understand the situation correctly, even if I choose the LibreSSL flavor on OPNsense, some packages and maybe the core still rely on OpenSSL and only some parts use LibreSSL?
Quote from: franco on November 30, 2021, 03:04:19 PM
Read this recently and it seems that big money succeeded in reviving OpenSSL and LibreSSL is being sidelined more and more due to this. It's been a good couple of years but we also can't keep up our efforts forever.
https://lwn.net/Articles/841664/
Cheers,
Franco
I'm still under the impression that there are strong interests in trashy crypto implementations (libpurple?). Otherwise these problems would have been sorted out sooner or later. Explains in part why people prefer WireGuard, imo...