Author Topic: Why I don't like openssl... (Read 3072 times)

chemlud · « **on:** November 29, 2021, 04:47:09 pm »

https://www.openssl.org/blog/blog/2021/11/24/hiring-manager-and-developer/

Quote

...
Advantageous, but not required are:

an understanding of Cryptography;
an ability to write secure code;...

No further questions....

fabian · « **Reply #1 on:** November 29, 2021, 09:17:10 pm »

Maybe they will teach that anyway, so that might be the reason. However it would make sense, to write it differently then as that way it is bad for the reputation.

BTW: Fefe commented that simmilar to you:

http://blog.fefe.de/?ts=9f619581

chemlud · « **Reply #2 on:** November 30, 2021, 09:33:36 am »

crypto and "good programming practices" as training-on-the-job with the track record openssl has? I'm not convinced... :-D

franco · « **Reply #3 on:** November 30, 2021, 03:04:19 pm »

Read this recently and it seems that big money succeeded in reviving OpenSSL and LibreSSL is being sidelined more and more due to this. It's been a good couple of years but we also can't keep up our efforts forever.

https://lwn.net/Articles/841664/

Cheers,
Franco

fabian · « **Reply #4 on:** November 30, 2021, 05:56:22 pm »

@franco I think the problem is another. Since the APIs are different so that LibreSSL is not an entire drop in replacement for OpenSSL, it fails because it was not really adopted by open source projects depending on OpenSSL.
Also, LibreSSL did not support TLS 1.3 for a long time so I guess there was a big difference in the expectations of the OpenBSD developers (maximum stability and security) and the developers out there working with it (also the support of current features count).

chemlud · « **Reply #5 on:** November 30, 2021, 06:00:10 pm »

Quote from: fabian on November 30, 2021, 05:56:22 pm

@franco I think the problem is another. Since the APIs are different so that LibreSSL is not an entire drop in replacement for OpenSSL, it fails because it was not really adopted by open source projects depending on OpenSSL.
Also, LibreSSL did not support TLS 1.3 for a long time so I guess there was a big difference in the expectations of the OpenBSD developers (maximum stability and security) and the developers out there working with it (also the support of current features count).

If I understand the situation correctly, even if I choose LibreSSL flavor on OPNsense, some packages and maybe the core still rely on openSSL and onlyy some parts use LibreSSL?

chemlud · « **Reply #6 on:** November 30, 2021, 06:02:40 pm »

Quote from: franco on November 30, 2021, 03:04:19 pm

Read this recently and it seems that big money succeeded in reviving OpenSSL and LibreSSL is being sidelined more and more due to this. It's been a good couple of years but we also can't keep up our efforts forever.

https://lwn.net/Articles/841664/

Cheers,
Franco

I'm still under the impression that there are strong intrests in trashy crypto implementations (libpurple?). Otherwise these problems would have been sorted out sooner or later. Explains in part why people prefer Wireguard, imo...

Author Topic: Why I don't like openssl... (Read 3072 times)

chemlud

Why I don't like openssl...

fabian

Re: Why I don't like openssl...

chemlud

Re: Why I don't like openssl...

franco

Re: Why I don't like openssl...

fabian

Re: Why I don't like openssl...

chemlud

Re: Why I don't like openssl...

chemlud

Re: Why I don't like openssl...