On 10/31/2017 08:23, Wall, Stephen wrote: >> At least as about its first year and a half, LibreSSL had a markedly >> better track record than OpenSSL (zero high-severity CVEs vs 5 from >> OpenSSL, about half as many mid- and low-security CVEs). > > Are any of these relevant to the crypto module? Or are they all only > applicable to the SSL protocol? > > As I understand the discussion so far, the goal is to unify all the disparate > crypto pieces in the base system. That could certainly be done using > OpenSSLs libcrypto, and let users select their SSL provider from the ports > tree.
That's already how things work, but it doesn't provide a viable solution for kernel and boot loader APIs. There's apparently been at least one attempt to embed OpenSSL into the kernel, to no avail. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
