Have the devs at IPFire considered switching to LibreSSL from OpenSSL 1.1.1 branch?
With OpenBSD’s reputation for code reviews and security focused development, doesn’t it make sense to add the extra mitigations that a move from OpenSSL 1.1.1 branch to LibreSSL would provide. It’s extra security for free, essentially.
Unless the plan is to eventually move to the OpenSSL 3.0 branch?
Hi,
I am currently working on OpenSSL 3.0 for Core Update 170.
Thanks, and best regards,
Peter Müller
Hi,
just as a quick update: Except for monitoring-plugins, all blockers are now resolved.
However, I doubt OpenSSL 3.0 will come with Core Update 170, since no stable release of monitoring-plugins compatible to the API changes of OpenSSL has been released yet (the last one dates April 2021). Since it is monitoring, I would rather wait for a stable release than shipping OpenSSL 3.0 at all costs, including potentially unripe monitoring plugins…
Thanks, and best regards,
Peter Müller