X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-ot1-f52.google.com (mail-ot1-f52.google.com [209.85.210.52]) by lists.alpinelinux.org (Postfix) with ESMTP id 862555C6486 for ; Thu, 11 Oct 2018 15:56:05 +0000 (GMT) Received: by mail-ot1-f52.google.com with SMTP id u22so9379288ota.12 for ; Thu, 11 Oct 2018 08:56:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zJKW3VtS1ijzlaF4eeRli/q8gOJgfhtv/yvTg1dkesk=; b=C/X5JLfYhUJy5KgYeETHukMHY7Z7IoQ4EUtAGA+7/Q6kRPF01TgUAvXHMR9WTFQM+6 P7wqF38sJIn7Cp3HucYA2cf/T96irxU8ykpJrNrYnMojb638pDh/FYMoBN5anqdHCzRz 5MhxtUIXNI0yxs7Lvfr59jIJwmrYG94r0Yrz88l2ACHlpTDlhVf8vvlKBdN6VhXR/kl/ i2WH1qMdwN1I79k5N40i/tm4I3bnstK2t1u0ADJToB+Q9mPE2dqGjyNiXrbZ3eoQbMGm dSRXuj9nbdasNsz9hcZIui2RxZDsDekEuom73q9D6X5XWPgRC7rRpXWTT0qyKjJLRUQr P/vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zJKW3VtS1ijzlaF4eeRli/q8gOJgfhtv/yvTg1dkesk=; b=hi+Tx4c61S9KaLOPQHlNuk+amzgSson0MDaZeadSsVX6bqDTcMA/xSOodgKLZznvlv 81ReWxx7x3yT4TzQeQR3PR0gDd2knzjpzIf2RrPU/FBIM5siATEGJdtbDN0ESm5KnG2D BixcBXVm/ZbXzA//41r5+ym4AhUz3Xju9dxnWtSZFC0vl0Ml4+6aWt4v/0qE3X7xWJyq jknrJ0YPWq4WNecm2CFJ5IRb6cIb+bdrlD9RHSt4Bmg4FXup16pK/Q+8MfIcL/ow2Ju9 qBKClkg7xqxwAgsI7OToYdXPUyNpDwsOw9OZjdnP1WTH0gK0TRwFblnA3sNJ3C8fz7rX ZlkQ== X-Gm-Message-State: ABuFfohGJktDHWegYjC1X8shcq7VSx8YUGxJv7J2bjOjemQypQBtWN9l Ml5mEkmCgyzhLkK7T22ZWNbjicth9C0oj30hC8oMNlsP X-Google-Smtp-Source: ACcGV60qzG0rHjdsIwhwvQ3tEy6oTKDXbt8TqyI20noTyb6EWURD+suRAtT3tUmRgOVIeWE3hR60d0oDbHlvV4TFGMg= X-Received: by 2002:a9d:3b42:: with SMTP id z60mr1449533otb.94.1539273364963; Thu, 11 Oct 2018 08:56:04 -0700 (PDT) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 References: <20181011171746.4c01f758@ncopa-desktop.copa.dup.pw> In-Reply-To: <20181011171746.4c01f758@ncopa-desktop.copa.dup.pw> From: =?UTF-8?Q?Timo_Ter=C3=A4s?= Date: Thu, 11 Oct 2018 18:55:54 +0300 Message-ID: Subject: Re: [alpine-devel] Switching back to OpenSSL To: Natanael Copa Cc: Alpine Development Content-Type: multipart/alternative; boundary="0000000000002184990577f60284" --0000000000002184990577f60284 Content-Type: text/plain; charset="UTF-8" +1 for openssl Libressl removed things we need. Like engine support. On Thu, 11 Oct 2018, 18.54 Natanael Copa, wrote: > Hi, > > Are there any good reasons to not switch back to OpenSSL for v3.9? > > Some reasons why I think we should switch back to OpenSSL: > - better upstream support from projects > - To my understanding, various of the issues in OpenSSL that made us > switch to libressl have been resolved. (for example memory management) > - libressl failed to retain compability with OpenSSL > - libressl breaks ABI every 6 months, OpenSSL does not > - FIPS support > > Some reasons to why we may continue with libressl may be: > - its smaller > - has fewer CVEs (due to their approach to remove stuff) > - libtls > > Previous thread on the issue: > http://lists.alpinelinux.org/alpine-devel/6073.html > > > -nc > > > --- > Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org > Help: alpine-devel+help@lists.alpinelinux.org > --- > > --0000000000002184990577f60284 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
+1 for openssl

Libressl removed things we need. Like engine support.

On Thu, 11 Oct 2018, 18.54 Natanae= l Copa, <ncopa@alpinelinux.org<= /a>> wrote:
Hi,

Are there any good reasons to not switch back to OpenSSL for v3.9?

Some reasons why I think we should switch back to OpenSSL:
- better upstream support from projects
- To my understanding, various of the issues in OpenSSL that made us
=C2=A0 switch to libressl have been resolved. (for example memory managemen= t)
- libressl failed to retain compability with OpenSSL
- libressl breaks ABI every 6 months, OpenSSL does not
- FIPS support

Some reasons to why we may continue with libressl may be:
- its smaller
- has fewer CVEs (due to their approach to remove stuff)
- libtls

Previous thread on the issue:
http://lists.alpinelinux.org/alpine-de= vel/6073.html


-nc


---
Unsubscribe:=C2=A0 alpine-devel+unsubscribe@l= ists.alpinelinux.org
Help:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0alpine-devel+= help@lists.alpinelinux.org
---

--0000000000002184990577f60284-- --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---