From: "Wall, Stephen"
To: "freebsd-security@freebsd.org security", "freebsd-hackers@freebsd.org", "freebsd-arch@freebsd.org"
Subject: RE: Crypto overhaul
Date: Tue, 31 Oct 2017 12:23:59 +0000

> At least as about its first year and a half, LibreSSL had a markedly
> better track record than OpenSSL (zero high-severity CVEs vs 5 from
> OpenSSL, about half as many mid- and low-security CVEs).

Are any of these relevant to the crypto module? Or are they all only applicable to the SSL protocol?

As I understand the discussion so far, the goal is to unify all the disparate crypto pieces in the base system. That could certainly be done using OpenSSL's libcrypto, and let users select their SSL provider from the ports tree.

-spw