LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices


Reply
  Search this Thread
Old 08-31-2020, 03:26 AM   #1
noojgog
LQ Newbie
 
Registered: Aug 2020
Posts: 4

Rep: Reputation: Disabled
Question How do I switch HardenedBSD from OpenSSL to LibreSSL?


One of the things I like about OpenBSD is its inclusion of LibreSSL
to replace OpenSSL. According to Void Linux, it's a lot more secure.
https://en.wikipedia.org/wiki/Heartbleed

However, upon looking up HardenedBSD, I find it a lot more secure
in areas where OpenBSD isn't.
https://hardenedbsd.org/content/easy-feature-comparison

Thanks to the magic of Open Source software, there's gotta be a way to
replace OpenSSL and implement LibreSSL in my HardenedBSD installation.

Right?
 
Old 09-06-2020, 01:32 PM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Pi OS & Android
Posts: 11,779

Rep: Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387
Quote:
Originally Posted by noojgog View Post
One of the things I like about OpenBSD is its inclusion of LibreSSL
to replace OpenSSL. According to Void Linux, it's a lot more secure.
https://en.wikipedia.org/wiki/Heartbleed

However, upon looking up HardenedBSD, I find it a lot more secure
in areas where OpenBSD isn't.
https://hardenedbsd.org/content/easy-feature-comparison

Thanks to the magic of Open Source software, there's gotta be a way to
replace OpenSSL and implement LibreSSL in my HardenedBSD installation.

Right?
Maybe. I was on a hardened system once - HLFS. I compiled the last version, as it happens. On the next version, you couldn't get gcc to compile with key patches applied. It eventually folded over that problem. Once you say 'hardened,' you're dealing with a hardened kernel, Glibc, gcc, etc. All your programs will have been built with on a toolchain with patches applied for the hardened system. You have to have the hardened toolchain before you can build anything.

BSD was paranoid to begin with, so I shudder to think how paranoid it probably is now. Get on the hardened bsd mailing list/forum, and post there. Failing that, grab/get a hardened toolchain and try compiling it. It's probably safer not to deviate from the straight & narrow with any hardened system. Look up any options; I had to specify certain non-standard things when compiling
 
Old 09-08-2020, 02:31 AM   #3
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,425

Rep: Reputation: Disabled
Tbere is an existing freebsd port. Maybe have a look? https://www.freshports.org/security/libressl/
 
  


Reply

Tags
bsd, openbsd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Alpine Linux 3.9 Released with ARMv7 Support, Switches from LibreSSL to OpenSSL LXer Syndicated Linux News 0 02-01-2019 01:12 PM
HardenedBSD update Aeterna *BSD 4 09-01-2017 08:41 PM
OpenSSL vs LibreSSL l0rddarkf0rce Slackware 5 09-16-2015 08:22 PM
LXer: OpenSSL code beyond repair, claims creator of “LibreSSL” fork LXer Syndicated Linux News 1 04-23-2014 11:43 AM

LinuxQuestions.org > Forums > Other *NIX Forums > *BSD

All times are GMT -5. The time now is 02:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration