#libressl — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #libressl, aggregated by home.social.
-
#OpenBSD 7.9 has been released ( #BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc ) https://openbsd.org/
-
#OpenBSD 7.9 has been released ( #BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc ) https://openbsd.org/
-
#OpenBSD 7.9 has been released ( #BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc ) https://openbsd.org/
-
#LibreSSL 4.3.1 released today (build fix for 4.3.0), still no codenames. :flan_peek:
https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.3.1-relnotes.txt
Anyway, want to feel old? LibreSSL was forked from OpenSSL 12 years ago.
-
Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
https://gath.io/1QHAhMik4DJilA9hLttG7Mit von der Partie sind folgende Themen:
#xournal ++ : Flexible, schnelle Notizapp.#libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.
#newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.
#GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
#taler -
Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
https://gath.io/1QHAhMik4DJilA9hLttG7Mit von der Partie sind folgende Themen:
#xournal ++ : Flexible, schnelle Notizapp.#libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.
#newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.
#GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
#taler -
Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
https://gath.io/1QHAhMik4DJilA9hLttG7Mit von der Partie sind folgende Themen:
#xournal ++ : Flexible, schnelle Notizapp.#libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.
#newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.
#GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
#taler -
Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
https://gath.io/1QHAhMik4DJilA9hLttG7Mit von der Partie sind folgende Themen:
#xournal ++ : Flexible, schnelle Notizapp.#libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.
#newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.
#GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
#taler -
Diesen Donnerstag noch nichts vor und in #zurich Zuhause? Dann komm zum #ilovefreesoftwareday in der #bitwascherei
https://gath.io/1QHAhMik4DJilA9hLttG7Mit von der Partie sind folgende Themen:
#xournal ++ : Flexible, schnelle Notizapp.#libressl : OpenSSL-Fork, um die Transportverschlüsselungs zu modernisieren.
#newpipe (English): Alternative, privatsphärewahrende & werbefreie Youtube-App.
#GNU_Taler: Digitaler Geldbeutel, der schnelles, sicheres Bezahlen mit hohem Datenschutz ermöglicht.
#taler -
> Concretely, we expect to add ML-KEM and ML-DSA APIs that are only available with #LibreSSL/#BoringSSL/AWS-LC, and not with #OpenSSL.
(from https://cryptography.io/en/latest/statements/state-of-openssl/)
But these are going be optional, right? I mean, after you killed a lot of legacy systems by requiring RustLang, you aren't going to prevent people from using #Cryptography and #Qt simultaneously, right? (Qt rejected LibreSSL support.)
-
LibreSSL 4.1.2 and 4.2.1 released https://www.undeadly.org/cgi?action=article;sid=20251102090208 #openbsd #libressl #tls #ssl #security #networking #cryptography #crypto #realcrypto #libresoftware #freesoftware
-
#LibreSSL 4.2.0 "blazeit" released today*
https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-4.2.0-relnotes.txt
* LibreSSL releases have no codenames, officially. :flan_coffee:
-
LibreSSL 4.1.1 and 4.0.1 released https://www.undeadly.org/cgi?action=article;sid=20251002054519 #openbsd #libressl #tls #https #cryptography #security #newrelease #development #freesoftware #libresoftware
-
-
#OpenBSD 7.7 has been released (#BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc) https://openbsd.org/
-
#OpenBSD 7.7 has been released (#BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc) https://openbsd.org/
-
#OpenBSD 7.7 has been released (#BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc) https://openbsd.org/
-
#OpenBSD 7.7 has been released (#BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc) https://openbsd.org/
-
#OpenBSD 7.7 has been released (#BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc) https://openbsd.org/
-
I can't count how many times I've put
import requestsbehind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has. -
I can't count how many times I've put
import requestsbehind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has. -
I can't count how many times I've put
import requestsbehind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has. -
I can't count how many times I've put
import requestsbehind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has. -
I can't count how many times I've put
import requestsbehind a warnings filter after urllib3's developers decided they can dictate what libraries the end user has. -
Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too) https://nxdomain.no/~peter/blogposts/recent-and-not-so-recent_changes_in_openbsd_that_make_life_better.html from 2021 but has aged surprisingly well #openbsd #freesoftware #libresoftware #libressl #ssh #pf #laptops
-
https://x.com/openbsd/status/1889330772399501381
LibreSSL is not affected by the OpenSSL vulnerabilities announced today.
-
Big performance win in #LibreSSL thanks to tb@! CRLs are now cached in the issuer cache, reducing redundant signature verification. This speeds up workloads like rpki-client, where a single (CA, CRL) pair could eat 20-25% of runtime—now 10x faster! https://marc.info/?l=openbsd-cvs&m=173900927421446&w=2
-
Обновился #OpenSSL до 3.4.0 и опять без полноценной нормальной поддержки #QUIC, т.е. непригодный для #HTTP/3 на серверной стороне. И, соответственно, ещё не ясно на сколько хорошо сделана клиентская часть :)
Аж вспомнились времена, когда желая получить #curl поддерживающий нормально работу #HTTP/3 приходилось собирать его из исходников с аналогами/форками #OpenSSL.
#HTTP/3 работает не через tcp-соединения, а использует в качестве транспорта протокол QUIC (Quick UDP Internet Connections), т.е. передаёт данные поверх udp без использования абстракций и сущностей tcp. Вот картинка про современный #HTTP
Сам по себе #QUIC не умеет передавать данные в открытом виде, а может только через #TLS v1.3, т.е. в обязательном порядке только зашифрованные. Тем самым в QUIC используется встроенный вариант TLS 1.3 крайне близкий/схожий с #DTLS, поскольку работа протокола идёт на уровне обмена udp-пакетами, а не tcp-соединений.
#curl может использовать разные альтернативы OpenSSL, т.к. изначально спроектирован таким образом, что не завязан именно на OpenSSL:- Есть официальная документация что и как с бэкендами вообще.
- Рядом, примерно там же имеется сравнение разных криптографических бэкендов.
Что предлагают по HTTP/3 авторы curl?
Вот зелёным выделена комбинация библиотек, которую полагают наиболее стабильным и полноценным вариантом
Вся загвоздка в том, что #OpenSSL пытается содержать в себе реализацию #QUIC, а не использует реализацию в виде какой-то библиотеки.
Что получается в целом?
Протокол #HTTP/3 реализуется через библиотеку #nghttp3.
Необходимая реализация #QUIC через #ngtcp2.
А для TLS используется #GnuTLS или же #wolfSSL или что-то ещё:The OpenSSL forks #LibreSSL, #BoringSSL, #AWS-LC and #quictls support the QUIC API that #curl works with using #ngtcp2.
Вот из документация примеры и детали по сборке этих составляющих. Если выбрана #GnuTLS и в системе версия далёкая от свежих, то сама она довольно быстро собирается из исходников.
В целом, вообще, про варианты добавления поддержки #HTTP/3 очень достойно расписано здесь. И есть перевод этой публикации на русском языке.
#https #http #openssl #softwaredevelopment #lang_ru @Russia -
linuxmafia.com is my site.
I really don't care about SSL (on my site), because there's no compelling use-case for https for anything the site does. (I could remove the current self-signed cert with no functional loss.)
The whole CA thing is notorious security theatre as implemented. (See Schneier's entire chapter on that in Secrets and Lies.)
Yes, I'll probably eventually upgrade to a serious SSL implementation using something less hopeless than OpenSSL (looking at wolfSSL and MatrixSSL in addition to the obvious LibreSSL [edit: add Rustls and possibly others; would have to check my records]), and I'll probably accomodate the unthinking masses with a Let's Encrypt cert the way MIchael Orlitzky eventually did, but think it's a well-meaning solution (from excellent and righteous people who are cherished friends) to the wrong problem, for the same reason MIchael Orlitzky does.
https://michael.orlitzky.com/articles/lets_not_encrypt.xhtml
#LetsEncrypt
#EFF
#LibreSSL
#wolfSSL
#MatrixSSL
#indyweb
#geezer -
linuxmafia.com is my site.
I really don't care about SSL (on my site), because there's no compelling use-case for https for anything the site does. (I could remove the current self-signed cert with no functional loss.)
The whole CA thing is notorious security theatre as implemented. (See Schneier's entire chapter on that in Secrets and Lies.)
Yes, I'll probably eventually upgrade to a serious SSL implementation using something less hopeless than OpenSSL (looking at wolfSSL and MatrixSSL in addition to the obvious LibreSSL [edit: add Rustls and possibly others; would have to check my records]), and I'll probably accomodate the unthinking masses with a Let's Encrypt cert the way MIchael Orlitzky eventually did, but think it's a well-meaning solution (from excellent and righteous people who are cherished friends) to the wrong problem, for the same reason MIchael Orlitzky does.
https://michael.orlitzky.com/articles/lets_not_encrypt.xhtml
#LetsEncrypt
#EFF
#LibreSSL
#wolfSSL
#MatrixSSL
#indyweb
#geezer -
#OpenBSD 7.5 has been released (#BSD / #NetBSD / #386BSD / #Unix / #LibreSSL / #OpenSSH / #OpenBGPD / #OpenSMTPD / #OpenNTPD / #OpenIKED / #rpkiClient / #mandoc) https://openbsd.org/
-
@TomAoki @peteorrall @hl @xdydx I'm surprised ... I didn't expect this to come up in the "enterprise" realm, "just" using kerberized #NFSv4 instead should be pretty fine there and it's probably more the #soho environment that will profit most from some up-to-date #smb client in #FreeBSD 😎 ... but would certainly be very nice to get that!
Also interesting they finally want to move to #MIT #krb5 in base. I'll probably continue to build it from ports, so I can use #LibreSSL instead of #OpenSSL, but still nice, as I found you're e.g. forced to use base #kerberos with the NFS client.
-
I'm looking for a document that describes the reaction of OpenSSL after Heartbleed until recent years. What has happened? Redesign? Refactorings?
Is OpenSSL 3 a designed in a better way? Or is it still the dumpster fire it once was?
#openssl #libressl #boringssl #hearbleed
EDIT: I'm looking for a summary, not a wealth of change logs and commits.
-
This whole #urllib3 / #OpenSSL situation is getting absurd.
I don't have sympathy for #OpenBSD or #LibreSSL. However, I can understand that they had good reasons to fork OpenSSL, and that switching back today would be hard.
I can understand projects refusing to officially declare support and rejecting workarounds. But pushing LibreSSL hate to the point of blocking #Python implementations that don't link to OpenSSL is just horrible. Users get in the crossfire, again.