FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

John Long codeblue at inbox.lv
Sun Dec 13 12:12:17 UTC 2020


Hi Guys,

What about adopting OpenBSD's libressl? I was expecting it to take a
long time to be compatible but from my uneducated point of view it
looks like they did an incredible job. I think everything on OpenBSD
uses it.

I was running OpenBSD until I put FreeBSD 12.2 on a new box, so I
haven't been looking at for a year or so.

Does anybody know if this is a viable option? Can we just link against
libressl or is it (much) more involved than that?

/jl



On Sat, 12 Dec 2020 18:07:27 -0800
Benjamin Kaduk <kaduk at mit.edu> wrote:

> On Sat, Dec 12, 2020 at 04:57:08PM -0800, John-Mark Gurney wrote:
> >
> > If FreeBSD is going to continue to use OpenSSL, better testing
> > needs to be done to figure out such breakage earliers, and how to
> > not have them go undetected for so long.  
> 
> I don't think anyone would argue against increasing test coverage.
> The most important question seems to be how to know what should be
> getting tested but isn't.  Do you have any ideas for where to start
> looking?
> 
> Thanks,
> 
> Ben
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"



More information about the freebsd-security mailing list