| 1 |
Hello, |
| 2 |
|
| 3 |
I was discussing with steils since he asked my opinion about this |
| 4 |
subject. |
| 5 |
|
| 6 |
I did ask on #libressl channel on Freenode about recent security |
| 7 |
vulnerability between OpenSSL and LibreSSL. They told me[1] that in the |
| 8 |
3 security vulnerabilities discovered in 2020 in LibreSSL, only 1 have |
| 9 |
affected LibreSSL. Maybe that it is still more secure than OpenSSL. |
| 10 |
|
| 11 |
steils suggested me to maintain LibreSSL overlay. I would be happy to |
| 12 |
help on this. I already did some contributions on this overlay. |
| 13 |
|
| 14 |
Sincerely, |
| 15 |
|
| 16 |
Quentin RETORNAZ. |
| 17 |
|
| 18 |
[1]2021-01-01 02:08 <busterbcook> Late answer I know, but 3.3.1 |
| 19 |
released with the fix for CVE-2020-1971 (backported to 3.2.x and 3.1.x |
| 20 |
as well). |
| 21 |
2020-01-01 02:15 <busterbcook> Case_Of AFAIK, that's the only one in |
| 22 |
2020 that was shared between the libraries, but it was fairly minimal |
| 23 |
in real-world impact IIRC. The number of security bug reports for |
| 24 |
either has been pretty minimal for both in the last year. |
| 25 |
https://www.openssl.org/news/secadv/20200421.txt and |
| 26 |
https://www.openssl.org/news/secadv/20200909.txt didn't affect LibreSSL |
| 27 |
I believe. |
Archives