SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Will LibreSSL ever replace OpenSSL in Slackware? Any opinions appreciated.
Why would we need to?
OpenSSL now has funding available for full time developers to address gaps, and there are new developers working (almost) full time on it to help address issues with the software, and also provide guidance regarding new features and how to implement them securely.
Akamai (my employer) has full time engineers now working on OpenSSL which is why I know.
I switched back to openssl, because it's too much of a hassle to keep libressl up-to-date and working. I think it would be better than openssl. No, I don't trust the openssl devs at all. They have been ignoring critical bugs for years, and I don't think money is going to solve that.
I think the OpenBSD guys realise that there's only so far one can go trying to "fix" libssl. And, that's why as well as doing the libressl cleanup of libssl, they're also writing a new libtls library, with the intention of doing things properly from the start.
IMO 'libtls' is the more interesting part of the libressl project, though I'm sure some will try and dismiss it as just NIH syndrome. Whether it gains traction outside of OpenBSD will be interesting to see.
Another alternative to OpenSSL would be PolarSSL. Some months ago I read an article in a German Linux magazine (sorry, I don't recall, which one, ATM) comparing various OpenSSL alternatives, and PolarSSL scored high, as it shines with maturity, and clean and lean code.
The article started with a good sketch of how and why things went so awfully wrong with OpenSSL. While money alone won't solve the issues, it is a pre-requisite. You cannot respond to bug reports when you don't have resources. The author saw some changes in the way the project works now compared to the past, and was optimistic that OpenSSL is on the right track now. From a user perspective, OpenSSL is the choice that causes the least hassle. All the alternatives either lack features or suffer from an incompatible API, which can break applications relying on the OpenSSL.
LibreSSL was also considered a good choice, but a few months back the project was quite new. It will take time to mature and shares the advantage of incompatible API with PolarSSL and the others.
I don't remember the other contenders, anymore, but none of them would compete with PolarSSL or LibreSSL.
If I find the article I'll provide a reference, or a link, if it's available on the web.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
