home.social

#libressl — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #libressl, aggregated by home.social.

  1. #LibreSSL 4.3.1 released today (build fix for 4.3.0), still no codenames. :flan_peek:​

    cdn.openbsd.org/pub/OpenBSD/Li

    Anyway, want to feel old? LibreSSL was forked from OpenSSL 12 years ago.

  2. Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
    gath.io/1QHAhMik4DJilA9hLttG7

    Mit von der Partie sind folgende Themen:
    #xournal ++ : Flexible, schnelle Notizapp.

    #libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.

    #newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.

    #GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
    #taler

  3. Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
    gath.io/1QHAhMik4DJilA9hLttG7

    Mit von der Partie sind folgende Themen:
    #xournal ++ : Flexible, schnelle Notizapp.

    #libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.

    #newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.

    #GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
    #taler

  4. Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
    gath.io/1QHAhMik4DJilA9hLttG7

    Mit von der Partie sind folgende Themen:
    #xournal ++ : Flexible, schnelle Notizapp.

    #libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.

    #newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.

    #GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
    #taler

  5. Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
    gath.io/1QHAhMik4DJilA9hLttG7

    Mit von der Partie sind folgende Themen:
    #xournal ++ : Flexible, schnelle Notizapp.

    #libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.

    #newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.

    #GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
    #taler

  6. Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
    gath.io/1QHAhMik4DJilA9hLttG7

    Mit von der Partie sind folgende Themen:
    #xournal ++ : Flexible, schnelle Notizapp.

    #libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.

    #newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.

    #GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
    #taler

  7. > Concretely, we expect to add ML-KEM and ML-DSA APIs that are only available with #LibreSSL/#BoringSSL/AWS-LC, and not with #OpenSSL.

    (from cryptography.io/en/latest/stat)

    But these are going be optional, right? I mean, after you killed a lot of legacy systems by requiring RustLang, you aren't going to prevent people from using #Cryptography and #Qt simultaneously, right? (Qt rejected LibreSSL support.)

    #Python

  8. Even if you don't run #OpenBSD, you might want to check out the release notes for #tmux, #LibreSSL, and #OpenSSH!

    📯 openbsd.org/78.html

  9. #LibreSSL 4.2.0 "blazeit" released today*

    cdn.openbsd.org/pub/OpenBSD/Li

    * LibreSSL releases have no codenames, officially. :flan_coffee:​

  10. @hanno Speaking of #OpenSSL, what's the state of #LibreSSL, did that manage to get some traction or did it die out? Didn't really hear much about it for a long while now.

  11. I can't count how many times I've put import requests behind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has.

    github.com/urllib3/urllib3/iss

    #Python #Requests #Urllib3 #OpenSSL #LibreSSL

  12. I can't count how many times I've put import requests behind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has.

    github.com/urllib3/urllib3/iss

    #Python #Requests #Urllib3 #OpenSSL #LibreSSL

  13. I can't count how many times I've put import requests behind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has.

    github.com/urllib3/urllib3/iss

    #Python #Requests #Urllib3 #OpenSSL #LibreSSL

  14. I can't count how many times I've put import requests behind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has.

    github.com/urllib3/urllib3/iss

    #Python #Requests #Urllib3 #OpenSSL #LibreSSL

  15. I can't count how many times I've put import requests behind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has.

    github.com/urllib3/urllib3/iss

    #Python #Requests #Urllib3 #OpenSSL #LibreSSL

  16. Big performance win in #LibreSSL thanks to tb@! CRLs are now cached in the issuer cache, reducing redundant signature verification. This speeds up workloads like rpki-client, where a single (CA, CRL) pair could eat 20-25% of runtime—now 10x faster! marc.info/?l=openbsd-cvs&m=173

  17. Обновился #OpenSSL до 3.4.0 и опять без полноценной нормальной поддержки #QUIC, т.е. непригодный для #HTTP/3 на серверной стороне. И, соответственно, ещё не ясно на сколько хорошо сделана клиентская часть :)
    Аж вспомнились времена, когда желая получить #curl поддерживающий нормально работу #HTTP/3 приходилось собирать его из исходников с аналогами/форками #OpenSSL.

    #HTTP/3 работает не через tcp-соединения, а использует в качестве транспорта протокол QUIC (Quick UDP Internet Connections), т.е. передаёт данные поверх udp без использования абстракций и сущностей tcp. Вот картинка про современный #HTTP

    Сам по себе #QUIC не умеет передавать данные в открытом виде, а может только через #TLS v1.3, т.е. в обязательном порядке только зашифрованные. Тем самым в QUIC используется встроенный вариант TLS 1.3 крайне близкий/схожий с #DTLS, поскольку работа протокола идёт на уровне обмена udp-пакетами, а не tcp-соединений.

    #curl может использовать разные альтернативы OpenSSL, т.к. изначально спроектирован таким образом, что не завязан именно на OpenSSL:
    Что предлагают по HTTP/3 авторы curl?
    Вот зелёным выделена комбинация библиотек, которую полагают наиболее стабильным и полноценным вариантом
    Вся загвоздка в том, что #OpenSSL пытается содержать в себе реализацию #QUIC, а не использует реализацию в виде какой-то библиотеки.

    Что получается в целом?
    Протокол #HTTP/3 реализуется через библиотеку #nghttp3.
    Необходимая реализация #QUIC через #ngtcp2.
    А для TLS используется #GnuTLS или же #wolfSSL или что-то ещё:
    The OpenSSL forks #LibreSSL, #BoringSSL, #AWS-LC and #quictls support the QUIC API that #curl works with using #ngtcp2.

    Вот из документация примеры и детали по сборке этих составляющих. Если выбрана #GnuTLS и в системе версия далёкая от свежих, то сама она довольно быстро собирается из исходников.

    В целом, вообще, про варианты добавления поддержки #HTTP/3 очень достойно расписано здесь. И есть перевод этой публикации на русском языке.

    #https #http #openssl #softwaredevelopment #lang_ru @Russia
  18. @sindarina @deirdresm

    @orc

    linuxmafia.com is my site.

    I really don't care about SSL (on my site), because there's no compelling use-case for https for anything the site does. (I could remove the current self-signed cert with no functional loss.)

    The whole CA thing is notorious security theatre as implemented. (See Schneier's entire chapter on that in Secrets and Lies.)

    Yes, I'll probably eventually upgrade to a serious SSL implementation using something less hopeless than OpenSSL (looking at wolfSSL and MatrixSSL in addition to the obvious LibreSSL [edit: add Rustls and possibly others; would have to check my records]), and I'll probably accomodate the unthinking masses with a Let's Encrypt cert the way MIchael Orlitzky eventually did, but think it's a well-meaning solution (from excellent and righteous people who are cherished friends) to the wrong problem, for the same reason MIchael Orlitzky does.

    michael.orlitzky.com/articles/

    #LetsEncrypt
    #EFF
    #LibreSSL
    #wolfSSL
    #MatrixSSL
    #indyweb

    #geezer

  19. @sindarina @deirdresm

    @orc

    linuxmafia.com is my site.

    I really don't care about SSL (on my site), because there's no compelling use-case for https for anything the site does. (I could remove the current self-signed cert with no functional loss.)

    The whole CA thing is notorious security theatre as implemented. (See Schneier's entire chapter on that in Secrets and Lies.)

    Yes, I'll probably eventually upgrade to a serious SSL implementation using something less hopeless than OpenSSL (looking at wolfSSL and MatrixSSL in addition to the obvious LibreSSL [edit: add Rustls and possibly others; would have to check my records]), and I'll probably accomodate the unthinking masses with a Let's Encrypt cert the way MIchael Orlitzky eventually did, but think it's a well-meaning solution (from excellent and righteous people who are cherished friends) to the wrong problem, for the same reason MIchael Orlitzky does.

    michael.orlitzky.com/articles/

    #LetsEncrypt
    #EFF
    #LibreSSL
    #wolfSSL
    #MatrixSSL
    #indyweb

    #geezer

  20. @TomAoki @peteorrall @hl @xdydx I'm surprised ... I didn't expect this to come up in the "enterprise" realm, "just" using kerberized #NFSv4 instead should be pretty fine there and it's probably more the #soho environment that will profit most from some up-to-date #smb client in #FreeBSD 😎 ... but would certainly be very nice to get that!

    Also interesting they finally want to move to #MIT #krb5 in base. I'll probably continue to build it from ports, so I can use #LibreSSL instead of #OpenSSL, but still nice, as I found you're e.g. forced to use base #kerberos with the NFS client.

  21. Package the Base | @bsdbcr @adventureloop

    Listen now: bsdnow.tv/533

    #FreeBSD on the RISC-V Architecture, A bit of #XENIX history, pkgbase: Official packages, recover lost text by coredumping #firefox, releases: #FuguIta 7.4 , #LibreSSL 3.8.2, #OpenSMTPD 7.4.0p0.
    Via @bsdnow

  22. Package the Base | @bsdbcr @adventureloop

    Listen now: bsdnow.tv/533

    #FreeBSD on the RISC-V Architecture, A bit of #XENIX history, pkgbase: Official packages, recover lost text by coredumping #firefox, releases: #FuguIta 7.4 , #LibreSSL 3.8.2, #OpenSMTPD 7.4.0p0.
    Via @bsdnow

  23. Package the Base | @bsdbcr @adventureloop

    Listen now: bsdnow.tv/533

    #FreeBSD on the RISC-V Architecture, A bit of #XENIX history, pkgbase: Official packages, recover lost text by coredumping #firefox, releases: #FuguIta 7.4 , #LibreSSL 3.8.2, #OpenSMTPD 7.4.0p0.
    Via @bsdnow

  24. Package the Base | @bsdbcr @adventureloop

    Listen now: bsdnow.tv/533

    #FreeBSD on the RISC-V Architecture, A bit of #XENIX history, pkgbase: Official packages, recover lost text by coredumping #firefox, releases: #FuguIta 7.4 , #LibreSSL 3.8.2, #OpenSMTPD 7.4.0p0.
    Via @bsdnow

  25. I'm looking for a document that describes the reaction of OpenSSL after Heartbleed until recent years. What has happened? Redesign? Refactorings?

    Is OpenSSL 3 a designed in a better way? Or is it still the dumpster fire it once was?

    #openssl #libressl #boringssl #hearbleed

    EDIT: I'm looking for a summary, not a wealth of change logs and commits.

  26. This whole / situation is getting absurd.

    I don't have sympathy for or . However, I can understand that they had good reasons to fork OpenSSL, and that switching back today would be hard.

    I can understand projects refusing to officially declare support and rejecting workarounds. But pushing LibreSSL hate to the point of blocking implementations that don't link to OpenSSL is just horrible. Users get in the crossfire, again.

    github.com/urllib3/urllib3/iss