Crypto overhaul

[Matthias Andree]

Am 29.10.2017 um 02:36 schrieb Eric McCorkle:
> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>> --------
>> In message <20171028123132.GF96685 at kduck.kaduk.org>, Benjamin Kaduk writes:
>>
>>> I would say that the 1.1.x series is less bad, especially on the last count,
>>> but don't know how much you've looked at the differences in the new branch.
>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>> FreeBSD has higher ambitions.
>>
> I'm curious about your thoughts on LibreSSL as a possible option.

To me as application developer (fetchmail) and user of FreeBSD on a
vserver as web/mail server, I've seen LibreSSL break its users too often,
require extra hoops to detect its old API as opposed to OpenSSL
1.1.x/1.0.x distinction, so it gambled away the little trust I had and
I've cast it out again from my computers and just committed the bare
minimals to detect and warn about LibreSSL.

Just going on a rampage with the fork, badmouthing OpenSSL (which has
come quite a way since LibreSSL forked off), doesn't quite build the
case for LibreSSL to become a fully-fledged SSL/TLS/crypto replacement
stack for OpenSSL, in my book.