Date: Fri, 11 Dec 2020 10:14:01 +0100 From: Robert Schulze <rs@bytecamp.net> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <72f2110e-8f1b-76ca-4dd8-2d7283b951d6@bytecamp.net> In-Reply-To: <20201211064628.GM31099@funkthat.com> References: <20201209230300.03251CA1@freefall.freebsd.org> <20201211064628.GM31099@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Am 11.12.20 um 07:46 schrieb John-Mark Gurney: > > Assuming 13 releases w/ OpenSSL, we'll be even in a worse situation > than we are now. OpenSSL 3.0.0 has no support commitment announced > yet, and sticking with 1.1.1 for 13 will put us even in a worse > situation than we are today. > > What are peoples thoughts on how to address the support mismatch between > FreeBSD and OpenSSL? And how to address it? > > IMO, FreeBSD does need to do something, and staying w/ OpenSSL does > not look like a viable option. > you may install a current OpenSSL via ports if you like to. I don't see any OpenSSL fork to be more reliable than its predecessor but there has been done much work in the portstree to enable the system administrator to switch. There is not much left (if anything) to be done in FreeBSD itself regarding the standard crypto library. regards, Robert Schulze
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72f2110e-8f1b-76ca-4dd8-2d7283b951d6>