FreeBSD Security Advisory FreeBSD-SA-20:33.openssl
Benjamin Kaduk
kaduk at mit.edu
Fri Dec 11 20:14:30 UTC 2020
Hi Franco,
On Fri, Dec 11, 2020 at 01:28:43PM +0100, Franco Fichtner wrote:
>
> > On 11. Dec 2020, at 13:20, Martin Simmons <martin at lispworks.com> wrote:
> >
> >
> > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always
> > use the base OpenSSL at the moment?
>
> Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally.
>
> In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL.
>
> For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch.
>
> Effectively, using the second tier crypto to emulate the first tier crypto would trash the second tier for everyone else.
Could you please clarify what you mean by "second tier crypto" and "first
tier crypto"? I'm having a hard time understanding this statement.
Thanks,
Ben
More information about the freebsd-security
mailing list