Crypto overhaul
Ben Laurie
ben at links.org
Fri Oct 27 20:20:15 UTC 2017
On 27 October 2017 at 20:24, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
> --------
> In message <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q at mail.gmail.com>
> , Ben Laurie writes:
>
>>OpenSSL includes (and is used for) lots of crypto that is not used in
>>SSL - since BearSSL targets SSL/TLS only, it can't, presumably, be
>>used to replace all uses of OpenSSL.
>
> Which implicitly raises the question if we really need all the
> boatloads of crap OpenSSL drags in, or if we would be in a better
> position with something simpler and saner ?
Indeed it does. Perhaps worth noting that since it was staffed,
OpenSSL has removed a fair amount of crap, BTW.
Anyway, to answer that question will presumably require someone to
either try it, or figure out what is actually needed, crypto-wise.
>
> --
> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
> phk at FreeBSD.ORG | TCP/IP since RFC 956
> FreeBSD committer | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-arch
mailing list