1. 13

  2. 2

    Has OpenSSL significantly improved since the debacles in the last couple years? I know a handful of large companies gave funding to improve, get rid of old code or something, but I’m not really privy to its workings.

    Or, should I be using LibreSSL and don’t know it? :)

    1. 4

      Relatively straightforward to compare now that there is competition: https://en.wikipedia.org/wiki/LibreSSL#Security_and_vulnerabilities

      1. 3

        Nice summary - this just highlights how hard it is to implement good crypto.

        For me, the high-level benefits of using LibreSSL are twofold:

        1. It’s simpler, with a lot of cruft stripped out, giving a smaller attack surface
        2. Even though it’s a fork, applicable fixes from OpenSSL can still be applied

        OS X/macOS now includes LibreSSL, BTW.