Slashdot Mirror


LibreSSL 2.2.2 Released

An anonymous reader writes: LibreSSL 2.2.2 has been released. According to the release notes: "This release marks the end of the OpenBSD 5.8 development cycle, featuring expanded portable build support, code improvements, removal of obsolete workarounds.... The LibreSSL project continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible." This is the first LibreSSL release that has completely removed SSLv3 support.


  1. Is it FIPS certified? by sinij · Score: 4, Interesting

    It is about time we get a viable alternative to OpenSSL. Unfortunately, LibreSSL is not FIPS certified, and as such won't be used for government-facing projects. This means as a system integrator I have a choice - use OpenSSL (and private label certify it) and be able to sell my product to industry and government clients, or use LibreSSL and only be able to sell to industry clients.

    1. Re:Is it FIPS certified? by Anonymous Coward · Score: 3, Insightful

      I'm no expert, but didn't LibreSSL remove support for some algorithms mandated by FIPS that are known to be insecure? I could be wrong, but I have the impression that it can't be certified because the standard itself is compromised.

    2. Re:Is it FIPS certified? by Christian Smith · Score: 2

      > I'm no expert, but didn't LibreSSL remove support for some algorithms mandated by FIPS that are known to be insecure? I could be wrong, but I have the impression that it can't be certified because the standard itself is compromised.

      As I understand it, FIPS dictates that if encryption is used, the encryption used must be FIPS certified. If they remove cipher X, then clearly you're not using cipher X and it doesn't need to be FIPS certified. I don't think FIPS dictates the list of required available ciphers, just the list of allowed ciphers.

      I reserve the right to be wrong and corrected, mind.

    3. Re:Is it FIPS certified? by sinij · Score: 3, Interesting

      You are probably thinking about Dual_EC_DRBG; support for it has been removed by NIST since 2013.

      Generally, FIPS certification would only include things you do, and mandate how to do them. For example, if you implement AES256-GCM, you will have to demonstrate that it is implemented according to the standard - NIST SP 800-38D, but you don't have to implement it.

    4. Re:Is it FIPS certified? by kriston · Score: 5, Informative

      We have a viable alternative. It's called NSS from Mozilla, and it's free of all patent encumbrances that have plagued LibreSSL/OpenSSL/SSLeay to this day. It also offers FIPS compliance.

      https://wiki.mozilla.org/NSS

      --

      Kriston

    5. Re:Is it FIPS certified? by Anonymous Coward · Score: 2, Informative

      You are correct. You may not include a disallowed cipher suite, but you are free to omit any you desire if you feel them to be insecure.

    6. Re:Is it FIPS certified? by sinij · Score: 2

      I am not going to argue the "pointless box-ticking exercises" point, but without FIPS certification LibreSSL adoption will always be limited.

      As an analogy, let's say you discovered a cure for cancer that can be made at home from $5 worth of household supplies. Until you get it FDA approved, people would still die from cancer.

    7. Re:Is it FIPS certified? by jandrese · Score: 3, Informative

      The OpenBSD guys don't care about FIPS, but if someone else does they're more than welcome to take the LibreSSL code and run it through the FIPS process. The OpenBSD team has already said that they think FIPS does more harm than good, because it locks you into exactly one version of the library which makes it difficult to apply fixes without breaking the certification. People want FIPS certification to mean "this has been proven safe", but that's not true and is impossible for non-trivial projects.

      --

      I read the internet for the articles.

    8. Re:Is it FIPS certified? by sinij · Score: 2

      It is all but impossible for an "interested party" to do this without the support of developers. You need to have at least two participants - a lab and a sponsor. The lab can only test and report; the sponsor has to develop evidence, run test vectors and so on. Even if you could find a lab that would agree to do it for free, you still have to have someone create test harnesses, write docs and so on.

    9. Re:Is it FIPS certified? by nsuccorso · Score: 2

      Clue meter reading zero, sir. No outward signs of intelligence.

    10. Re:Is it FIPS certified? by Anonymous Coward · Score: 2, Informative

      Pfft. One of the complaints about OpenSSL was that it tacked on code just to gain FIPS certification. So it gets certified, but now is still loaded with obsolete, insecure cruft that makes it less secure and vulnerable to attacks. In which case, its FIPS certification status is meaningless in terms of providing real security.

    11. Re:Is it FIPS certified? by sinij · Score: 2

      I disagree. FIPS main goal is to mitigate people from making preventable mistakes from home-cooking crypto primitives. This was a big issue during the early 90s. In this regard - NIST succeeded. We now have open standards, reference implementations, and openly available testing tools. You could even argue that the FIPS program succeeded to the point of becoming irrelevant. For example, hardly anyone gets AES wrong these days. Do you think for a moment that if NIST were to go away and stop supporting FIPS, big corps like RSA Security wouldn't crawl back and try to proprietary lock everything down? Imagine having to pay royalties for implementing TLS 3.0, and imagine what that would do to Open Source.

    12. Re:Is it FIPS certified? by QuietLagoon · Score: 2

      > ...FIPS main goal is to mitigate people from making preventable mistakes from home-cooking crypto primitives. ...

      The main goal of FIPS should be secure systems in today's dynamic security environment. Note the word "dynamic". Can FIPS move quickly enough?

    13. Re:Is it FIPS certified? by slashdice · Score: 2

      > you still have to have someone create test harnesses, write docs and so on.

      Right, someone like... an "interested party".

      --
      Copyright (c) 1990 - 2014 Dice. All rights reserved. Use of this comment is subject to certain Terms and Conditions.