1. 37
  1. 13

    This Twitter thread appears to have additional context: https://nitter.net/ariadneconill/status/1457787938683580425

    1. 5

      HardenedBSD had to switch back to OpenSSL from LibreSSL a few years back. I’d love it if HardenedBSD’s community came together to re-add LibreSSL as the default crypto lib in base. But, that work is especially daunting when you consider you also have to maintain/fix the resulting breakages for over 30,000 packages.

      1. 3

        Very interesting. That does all sound very worrying for anyone relying on OpenSSL going forward.

        It’s frustrating that FIPS mode could be the deal-breaker, I hope they find a way to make that work.

        1. 3

          Kinda tangential, but is FIPS strictly a US thing? I’ve never heard of it outside of that, but then again I hadn’t heard about FIPS for a very long time in general.

          1. 3

            Yes, it’s “Federal Information Processing Standards” as in US Federal.

            1. 2

              My understanding is that FIPS requires some ciphersuites that the LibreSSL project deems weak or insecure and thus won’t include.

              I’m not part of the Alpine project, but I wonder how much would be “lost” by declaring Alpine non-FIPS compliant. It would suck for the poor saps required to use FIPS but surely there are alternatives.

              1. 10

                FIPS also, if I remember correctly, requires that the specific build be certified, so you can’t even just build your own version of OpenSSL and have it FIPS compliant, you need to ship a blob that has gone through the certification process. OpenSSL has some dynamic loading goo that lets you plug in a FIPS-complaint module, it doesn’t provide that module (it did briefly but now it’s purely a third-party thing). My understanding is that ‘FIPS Compliant’ is a synonym for ‘definitely insecure but not my liability when you’re compromised’ but I might be overly cynical.

                1. 5

                  Correct. Here is a summary for it: https://www.openssl.org/docs/fips.html (with a link to the 3.0 version). It’s not so much insecure as “very conservative”. I’m not aware of the certified version being vulnerable and the public API gets updated/fixed with openssl.

                  1. 1

                    Thanks for the clarification!

              2. 0

                That is true and also useless information, because I probably wouldn’t have asked if I hadn’t known what it stands for.

                The NIST curves are also “from the US”, so is FIPS 10, and they have leaked into global usage (and the latter is a mess).

          2. 2

            promoting libtls makes it easier to eventually fully switch to BearSSL, via @michaelforney’s libtls-bearssl

            hmm! Yeah this is interesting. It would be cool to have a libtls-rustls as well. Is there a good test suite for the libtls API?