What are the main advantages of using LibreSSL in favor of OpenSSL

  • What are the main advantages of using LibreSSL vs OpenSSL?

    As I understood LibreSSL is a fork of OpenSSL:

    LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.

    Seems like a good idea to use it.

    Is it this library widely used? Why would server administrators choose LibreSSL over OpenSSL?

    Hi Wilt, this question is actually quite opinion based and hard to answer definitively. Sysadmins have many reasons to choose one software over another, and almost all of those decisions have to take into account personalized factors like budget, manpower, and infrastructure needs.

    Take a look at these slides for your second question LibreSSL, and the new libtls AP

    @Ohnana I understand this question is on the border... But some references or must reads on this topic could really help me.

    @Silverfox Thanks for the reference! I will look into that.

  • There is a very extensive article at Wikipedia and it does not make sense to reiterate everything here. But to give you some highlights:

    • It replaces OpenSSL on OpenBSD, OS X since 10.11 and on some other systems.
    • It started with throwing away lots of stuff which was considered useless for the target platforms or insecure by design and it also added some more secure defaults.
    • The result of this is that from the 6 critical vulnerabilities in OpenSSL since the fork none affected LibreSSL.

    Why would server administrators choose LibreSSL over OpenSSL?

    If anybody cares about security or wants to better sleep at night and not care about the next OpenSSL vulnerability the choice should be clear.

    I specifically am using LibreSSL as libtls makes implementing secure TLS so, freaking easy! No longer needing to go through the horrific OpenSSL documentation, one small manpage for libtls tells you exactly everything you need to know

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM