Slashdot Mirror


LibreSSL Unaffected By DROWN

serviscope_minor writes: The OpenBSD people forked and heavily cleaned up OpenSSL to create LibreSSL due to dissatisfaction with the maintenance of OpenSSL, culminating in the Heartbleed bug. The emphasis has been on cleaning up the code and improving security, which includes removing things such as SSL2, which has fundamental security flaws. As a result, LibreSSL is not affected by the DROWN bug. LibreSSL is largely compatible with OpenSSL. The main exceptions are in the cases where programs use insecure functions removed from LibreSSL, or require bug compatibility with OpenSSL.

3 of 60 comments

  1. Another Fine Reason... by Anonymous Coward · Score: 2, Interesting

    I abandoned Linux in favor of OpenBSD earlier this year. I'm tired of how spread thin Linux developers on some projects have become and/or how complacent. My needs are minimal albeit specialized, so I need developers who actually care about code quality. Theo and team most certainly care about code quality. I've given up a little in the transition to BSD, but the stability, predictability, and ease of use have won me over. I started looking at OpenBSD seriously in 2001, but never made the jump. Better late than never...

    1. Re:Another Fine Reason... by Anonymous Coward · Score: 2, Interesting

      OP here... You miss my gist. Linux and attending userland software, of which OpenSSL is but one, are having massive quality control issues compared with the BSDs. I've been a Linux user on the server and desktop since the mid 90s. I've administered BSD servers since 2000. In 2001, I considered moving my personal requirements over the Linux, as I mentioned above, but never pulled the trigger. A host of things has made me re-think my position: systemd, the Debian developers' debacles, general Balkanization of Linux streams of thought on things that really do affect the direction of the kernel and various distros. It's all become too much. I want what I stated above: stability, predictability, and ease of use. OpenBSD and FreeBSD give me this, and after years of working with FreeBSD on servers, I admire the robustness and simplicity of administration compared to Linux. I chose OpenBSD for myself because of OpenBSD's fantastic laptop support for things like wireless chipsets, suspend, etc. I also like their more rapid development model (every 6 months).

  2. Re:Why is this newsworthy? by Anonymous Coward · Score: 1, Interesting

    I found it informative. You're just mad the OpenBSD people produce better code.