| 1 |
On Wed, Jan 29, 2020 at 10:27:04AM +0100, Jason A. Donenfeld wrote: |
| 2 |
> For a long time now, OpenSMTPD stopped supporting OpenSSL, only |
| 3 |
> supporting LibreSSL. For that reason Gentoo's opensmtpd ebuild is |
| 4 |
> stuck on the 6.0 version. I'm not happy about this. |
| 5 |
|
| 6 |
I've got OpenSMTPD v6.6.2-p1 running on Gentoo with OpenSSL 1.1 |
| 7 |
without any patches or problems whatsoever. So while upstream |
| 8 |
encourages to use LibreSSL, OpenSSL is still supported by |
| 9 |
OpenSMTPD. Quoting their CHANGES.md: |
| 10 |
|
| 11 |
It's preferable to depend on LibreSSL as OpenSMTPD is written |
| 12 |
and tested with that dependency. In addition, the features |
| 13 |
parity is not respected, some features will not be available |
| 14 |
with OpenSSL, like ECDSA server-side certificates support in |
| 15 |
this release. OpenSSL library is considered as a best effort |
| 16 |
target TLS library and provided as a commodity, LibreSSL has |
| 17 |
become our target TLS library. |
| 18 |
|
| 19 |
So as long as you don't require any features implemented with |
| 20 |
libressl, only, you should be fine. |
| 21 |
|
| 22 |
> It looks like other distros solve this by allowing libressl to install |
| 23 |
> its libraries to /usr/lib/libressl or similar, so that they can |
| 24 |
> coexist with openssl, allowing programs like OpenSMTPD. |
| 25 |
> |
| 26 |
> Any libressl developers interested in this sort of thing? |
| 27 |
> |
| 28 |
> Jason |
| 29 |
|
| 30 |
Patrick |
Archives