1 |
Hello, |
2 |
|
3 |
I was discussing with steils since he asked my opinion about this |
4 |
subject. |
5 |
|
6 |
I did ask on #libressl channel on Freenode about recent security |
7 |
vulnerability between OpenSSL and LibreSSL. They told me[1] that in the |
8 |
3 security vulnerabilities discovered in 2020 in LibreSSL, only 1 have |
9 |
affected LibreSSL. Maybe that it is still more secure than OpenSSL. |
10 |
|
11 |
steils suggested me to maintain LibreSSL overlay. I would be happy to |
12 |
help on this. I already did some contributions on this overlay. |
13 |
|
14 |
Sincerely, |
15 |
|
16 |
Quentin RETORNAZ. |
17 |
|
18 |
[1]2021-01-01 02:08 <busterbcook> Late answer I know, but 3.3.1 |
19 |
released with the fix for CVE-2020-1971 (backported to 3.2.x and 3.1.x |
20 |
as well). |
21 |
2020-01-01 02:15 <busterbcook> Case_Of AFAIK, that's the only one in |
22 |
2020 that was shared between the libraries, but it was fairly minimal |
23 |
in real-world impact IIRC. The number of security bug reports for |
24 |
either has been pretty minimal for both in the last year. |
25 |
https://www.openssl.org/news/secadv/20200421.txt and |
26 |
https://www.openssl.org/news/secadv/20200909.txt didn't affect LibreSSL |
27 |
I believe. |