From owner-freebsd-hackers@freebsd.org  Sun Oct 29 11:31:06 2017
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A993E60F43
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Sun, 29 Oct 2017 11:31:06 +0000 (UTC)
 (envelope-from mandree@FreeBSD.org)
Received: from mandree.no-ip.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3178376448
 for <freebsd-hackers@freebsd.org>; Sun, 29 Oct 2017 11:31:05 +0000 (UTC)
 (envelope-from mandree@FreeBSD.org)
Received: from [127.0.0.1] (localhost.localdomain [127.0.0.1])
 by apollo.emma.line.org (Postfix) with ESMTP id 7E37E23D1ED
 for <freebsd-hackers@freebsd.org>; Sun, 29 Oct 2017 12:31:03 +0100 (CET)
Subject: Re: Crypto overhaul
To: freebsd-hackers@freebsd.org
References: <dc08792a-3215-611c-eb9f-4936a0d621f9@metricspace.net>
 <CAG5KPzws=jmF2wLeEAz8Lzn7Ugude=0w5neoQjeDjYnGtJpS9Q@mail.gmail.com>
 <13959.1509132270@critter.freebsd.dk>
 <CAG5KPzxGtAwV-svCv24FbZtLvxKCwX7OSyb2pPaTc63EUmFFGA@mail.gmail.com>
 <20171028022557.GE96685@kduck.kaduk.org>
 <23376.1509177812@critter.freebsd.dk>
 <20171028123132.GF96685@kduck.kaduk.org>
 <24228.1509196559@critter.freebsd.dk>
 <df46aaa5-13a9-2fc6-bcd2-d57d792800eb@metricspace.net>
From: Matthias Andree <mandree@FreeBSD.org>
Message-ID: <cbfd869b-6127-c9a5-2dd2-694bf430ae61@FreeBSD.org>
Date: Sun, 29 Oct 2017 12:31:03 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <df46aaa5-13a9-2fc6-bcd2-d57d792800eb@metricspace.net>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: de-DE
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Oct 2017 11:31:06 -0000

Am 29.10.2017 um 02:36 schrieb Eric McCorkle:
> On 10/28/2017 09:15, Poul-Henning Kamp wrote:
>> --------
>> In message <20171028123132.GF96685@kduck.kaduk.org>, Benjamin Kaduk writes:
>>
>>> I would say that the 1.1.x series is less bad, especially on the last count,
>>> but don't know how much you've looked at the differences in the new branch.
>> While "less bad" is certainly a laudable goal for OpenSSL, I hope
>> FreeBSD has higher ambitions.
>>
> I'm curious about your thoughts on LibreSSL as a possible option.

To me as application developer (fetchmail) and user of FreeBSD on a
vserver as web/mail server, I've seen LibreSSL break its users too often,
require extra hoops to detect its old API as opposed to OpenSSL
1.1.x/1.0.x distinction, so it gambled away the little trust I had and
I've cast it out again from my computers and just committed the bare
minimals to detect and warn about LibreSSL.

Just going on a rampage with the fork, badmouthing OpenSSL (which has
come quite a way since LibreSSL forked off), doesn't quite build the
case for LibreSSL to become a fully-fledged SSL/TLS/crypto replacement
stack for OpenSSL, in my book.