i am, incidentally, going to continue posting "the openssl maintainers are irresponsible" threads every time they do something irresponsible and it's brought to my attention. squeaky wheels get grease, after all.
gnutls isn’t good either, libressl is better but not awesome. boringssl is pretty good.
LibreSSL has higher quality code but has fallen far behind on development and hasn't done a complete overhaul of the project. BoringSSL is quite good but doesn't give people a stable API and expects them to keep up with the changes. Also not meant to satisfy everyone's needs.
Any chance of a solution? Perhaps stable releases of BoringSSL?
Part of the point of BoringSSL is that it can adapt to changes in the ecosystem by dropping obsolete cryptography, platforms, features, etc. along with regularly overhauling both the API and implementation. Easy to use if your project is well maintained with security resources.
The simplest way for a distro to use BoringSSL would be to use it in libcurl. Libcurl’s API and ABI hardly depend on the underlying TLS library.
could use it in its base system if it wished.