Date: Tue, 31 Oct 2017 12:23:59 +0000 From: "Wall, Stephen" <swall@redcom.com> To: "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: RE: Crypto overhaul Message-ID: <f331e70771ed4eb28878a4ae00905cc2@exch-02.redcom.com> In-Reply-To: <cfa28da2-0a4b-c6b9-2e22-3fbb1bbc9394@metricspace.net> References: <dc08792a-3215-611c-eb9f-4936a0d621f9@metricspace.net> <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q@mail.gmail.com> <13959.1509132270@critter.freebsd.dk> <CAG5KPzxGtAwV-svCv24FbZtLvxKCwX7OSyb2pPaTc63EUmFFGA@mail.gmail.com> <20171028022557.GE96685@kduck.kaduk.org> <23376.1509177812@critter.freebsd.dk> <20171028123132.GF96685@kduck.kaduk.org> <24228.1509196559@critter.freebsd.dk> <df46aaa5-13a9-2fc6-bcd2-d57d792800eb@metricspace.net> <e83f9add-d6d4-494d-669a-215765c0b5eb@elischer.org> <cfa28da2-0a4b-c6b9-2e22-3fbb1bbc9394@metricspace.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> At least as about its first year and a half, LibreSSL had a markedly > better track record than OpenSSL (zero high-severity CVEs vs 5 from > OpenSSL, about half as many mid- and low-security CVEs). Are any of these relevant to the crypto module? Or are they all only applicable to the SSL protocol? As I understand the discussion so far, the goal is to unify all the disparate crypto pieces in the base system. That could certainly be done using OpenSSLs libcrypto, and let users select their SSL provider from the ports tree. -spw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f331e70771ed4eb28878a4ae00905cc2>