Ah yes, LibreSSL. Where a “lol let’s not validate hostnames #yolo” is not called a security bug: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt …
“to match the OpenSSL behaviour” – yeah the obscure behavior in which you validate a hostname against the certificate.
Neither is great and both have significant problems in code and process, just different ones. BearSSL is the only TLS implementation I've seen that's not a joke.
Integrators, yes choose an OpenSSL fork carefully. Developers, stop using all this junk!
There's more to the story, since this bug also affected BoringSSL, and might not have been noticed when it was if it hadn't made it into a LibreSSL release: https://mail.python.org/pipermail/python-dev/2018-April/152624.html …
How is that relevant to the way LibreSSL is communicating that bug?