I really wish they had given the LibreSSL peeps more than just twenty-four hours notice. With HardenedBSD making LibreSSL a first-class citizen, it’s kinda frustrating to me that LibreSSL was left out to dry.
I wonder what reasoning OpenSSL had for not disclosing sooner to LibreSSL.
Is LibreSSL vulnerable to 6309? I can’t find the commit that fixed 6307, and all the relevant code has moved around so it’s hard (for me, at least) to tell if they have this or not.
Just a quick note that LibreSSL is not impacted by either of the issues mentioned in the latest OpenSSL security advisory - both of the issues exist in code that was added to OpenSSL in the last release, which is not present in LibreSSL.
http://marc.info/?l=libressl&m=147490843900748&w=2
I was wondering the same about BoringSSL. We get security advisories about OpenSSL and not about the forks.
I haven’t the slightest idea. I haven’t kept up with LibreSSL on a commit-by-commit basis. Bernard Spil is our resident LibreSSL expert.