Date: Tue, 23 Aug 2016 20:54:35 +0100
From: Matt Smith
To: Roger Marquis
Cc: ports@freebsd.org
Subject: Re: Upcoming OpenSSL 1.1.0 release
Message-ID: <20160823195434.GB98827@xtaz.uk>

On Aug 23 12:19, Roger Marquis wrote:
>Matt Smith wrote:
>>Going slightly off-topic, I'm curious what the opinion is around this
>>and LibreSSL.
>
>My organization evaluated this a few months ago and after a few diffs
>and code reviews decided that libressl was the future. We updated
>poudriere and all make.confs, removed openssl, installed libressl and
>have had no issues. We did the same with openntp a few months earlier
>and recommend both for any installation that needs good security.
>
>Roger

I have been running libressl-devel for the past few months and other than having to manually patch a few ports to get them to compile have also had no problems. However this was the case a few months ago.

My questioning is specifically related to the upcoming OpenSSL 1.1 which in theory has had a lot of work done to it by a full-time paid team of developers. In fact it was meant to be released back in May but was delayed specifically so that they could squash all remaining bugs.

It would be interesting if somebody could audit the changes to see how it compares to LibreSSL after it's released. There is a possibility that it may actually be the better path going forward.

--
Matt