Giancarlo Razzolini wrote:
Writing in caps doesn't make your assumption correct. I'd really like
that everybody would switch to LibreSSL. But It will not be as simple as
you are putting. First of all, there are lots of money involved. And
now, even more, because the Linux Foundation is funding OpenSSL. So,
there are politics involved also.
And, unfortunately, I believe that LibreSSL will share some of the bugs
of OpenSSL for some time to come. And, don't fool yourself, it will have
new bugs. I had to change lots of passwords too, so I know what you're
talking about. Funny thing, that I didn't needed to change any of my
banking passwords.
Cheers,
As a simple user who influences these decisions in deployments, I can
tell you my desire is to ssh tunnel all my openssl connections until the
guys who make SSH finish fixing ssl.
Look at SSH's track record compared to OpenSSL.
It's not practical but that is my desire :)
--Dan
