FreeBSD Security Advisory FreeBSD-SA-20:33.openssl

Gordon Tetlow gordon at tetlows.org
Sun Dec 13 22:16:22 UTC 2020


On Sun, Dec 13, 2020 at 12:12:08PM +0000, John Long via freebsd-security wrote:
> Hi Guys,
> 
> What about adopting OpenBSD's libressl? I was expecting it to take a
> long time to be compatible but from my uneducated point of view it
> looks like they did an incredible job. I think everything on OpenBSD
> uses it.
> 
> I was running OpenBSD until I put FreeBSD 12.2 on a new box, so I
> haven't been looking at for a year or so.
> 
> Does anybody know if this is a viable option? Can we just link against
> libressl or is it (much) more involved than that?

As was mentioned elsewhere, LibreSSL isn't a great fit due to their very
limited support lifespan of a given release. Once a stable release is
made, that branch is only given 1 year of support. This doesn't mesh
well with FreeBSD's 5 year support lifespan of a given branch.

Gordon


More information about the freebsd-security mailing list