Void Linux uses LibreSSL by default since 2014. http://www.voidlinux.eu/news/2014/08/LibreSSL-by-default.html
On Sun, Jan 29, 2017 at 11:27 PM, Marc Collin <[email protected]> wrote: > Alpine Linux uses LibreSSL by default since October. > > https://lists.alpinelinux.org/alpine-devel/5463.html > > > > On Sun, Jan 29, 2017 at 8:49 PM, Quentin Rameau <[email protected]> wrote: >> On Sun, 29 Jan 2017 23:38:17 +0100 >> Laslo Hunhold <[email protected]> wrote: >> >>> On Sun, 29 Jan 2017 17:16:55 -0500 >>> "S. Gilles" <[email protected]> wrote: >>> >>> Hey, >>> >>> > On my Linux system (Gentoo), it's available as part of the libressl >>> > package. It even seems to have manpages taken directly from >>> > OpenBSD. >>> >>> I'm running Gentoo as well and should've given the libressl-ebuild >>> more consideration. To be honest, making the switch from OpenSSL to >>> LibreSSL is still non-trivial, but there is progress. >>> >>> I was wondering if it even works with OpenSSL. Looking at tls.c, it's >>> using tls_internal.h, which makes me assume that it's closely bound to >>> LibreSSL. I follow LibreSSL-development very closely and am shocked in >>> what state the OpenSSL-codebase was/is. >>> Every developer working on LibreSSL is doing god's work and for good >>> reason more and more independent security researchers are sending >>> their patches to the LibreSSL-team instead of the OpenSSL-team, whose >>> sole purpose at the time when Heartbleed was discovered in 2014 >>> seemed to be to give FIPS-seminars and raise funds. >>> It speaks for itself that issues in their bugtracker were ignored; to >>> the point, that the LibreSSL-devs went through it and applied the >>> fixes themselves. Also take a look at the significant number of CVE's >>> in the last years which LibreSSL wasn't affected by because they >>> deployed good coding measures, removed cruft and generally put more >>> trust in the underlying operating system to provide good random data, >>> a good memory allocator and so on. >>> >>> What is truly remarkable is the fact that such a little team around >>> Bob Beck was able to pull this off so efficiently. >>> >>> I wonder why there is not even more effort to adopt LibreSSL in the >>> major Linux distributions. I think it's just a matter of time until we >>> see the next major security hole in OpenSSL. >>> >>> Cheers >>> >>> Laslo >>> >> >> Cool story, bro >>
