
Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation

From: A. Wilcox
Date: Thu, 8 Feb 2018 13:33:58 -0600

On 02/08/18 13:22, Kevin Chadwick wrote:
> Mark Espie -
> you've got to realize that openssl deliberately broke compatibility
> with previous versions precisely to try to stop libressl.

OpenSSL "broke" compatibility with previous versions /in an attempt to
create a better API/. By "broke", that means removing functions that
were already deprecated. It had nothing to do with LibreSSL, but I'm
glad they have a victim complex.

>> By proper, I mean an implementation that is conformant with the
>> OpenSSL 1.0.1g API, which is what was promised by LibreSSL.
> Is OpenSSL conformant, see above?

Yes. It isn't, however, conformant with 0.9 any more.

>> The protection improvements are the same: the custom memory management
>> code has been removed from both.
> You clearly do not know about the extra protections and privilege
> separation in LibreSSL!!!

You must be talking about Pledge, which allows LibreSSL to declare what
system calls it will and will not be using. Of course, Pledge is only
available in OpenBSD.

> I guess you think PAM is great too?

Completely unrelated and unnecessary question.


A. Wilcox (awilfox)
Project Lead, Adélie Linux

