1. 8

  2. 5

    Bloody use LibreSSL already!

    OpenSSL did not decide to learn from its mistakes after Heartbleed and just asked for more money. But not all problems are solved if you throw money at them, and it’s just a strong indication that given the little manpower the OpenBSD project has, LibreSSL has fared very very well in regard to all the security holes that were found in OpenSSL, but eradicated in the cleanup that LibreSSL is.

    A big thank you to all developers involved with LibreSSL!

    1. 4

      It seems LibreSSL was also impacted by this though: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.4-relnotes.txt

      1. 4

        Of course, sorry for not making this clear enough. But looking at the track record since they started working on LibreSSL, it fared much better than OpenSSL.

        1. 2

          It would be interesting to see how BoringSSL has fared historically compared to OpenSSL too.

        2. 4

          We dodged the ebcdic bullet though. :)