Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 Dec 2020 10:14:01 +0100
From:      Robert Schulze <rs@bytecamp.net>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl
Message-ID:  <72f2110e-8f1b-76ca-4dd8-2d7283b951d6@bytecamp.net>
In-Reply-To: <20201211064628.GM31099@funkthat.com>
References:  <20201209230300.03251CA1@freefall.freebsd.org> <20201211064628.GM31099@funkthat.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

Am 11.12.20 um 07:46 schrieb John-Mark Gurney:
> 
> Assuming 13 releases w/ OpenSSL, we'll be even in a worse situation
> than we are now.  OpenSSL 3.0.0 has no support commitment announced
> yet, and sticking with 1.1.1 for 13 will put us even in a worse
> situation than we are today.
> 
> What are peoples thoughts on how to address the support mismatch between
> FreeBSD and OpenSSL?  And how to address it?
> 
> IMO, FreeBSD does need to do something, and staying w/ OpenSSL does
> not look like a viable option.
> 

you may install a current OpenSSL via ports if you like to.
I don't see any OpenSSL fork to be more reliable than its predecessor
but there has been done much work in the portstree to enable the system
administrator to switch.

There is not much left (if anything) to be done in FreeBSD itself
regarding the standard crypto library.

regards,
Robert Schulze



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?72f2110e-8f1b-76ca-4dd8-2d7283b951d6>