On Mon, 14 Jul 2014, Bob Beck wrote: > Hi, thanks for the note. > > I know a number of those issues have fixes pending upstream, many of > them are due to checking of version number > stuff that we really can't continue to support. - if we "pretend" to > be OpenSSL we will cause more problems than we solve > by getting software to test for LibreSSL, or not try to use the > "version number" as any kind of indicator of features. > > OpenSSH is I believe easiest solved as hanno noted by using arc4random > from libressl's libcrypto - at least until > OpenSSH releases a portable that will likely do the same (I expect > they will simply check for arc4random existing > in both libc and libcrypto, and if it is there, don't provide it, but > I don't speak for the OpenSSH portable guys.
I've committed a fix for portable OpenSSH to build against LibreSSL on the main and 6.6-stable branches. We'll do a release soon, but need to decide first whether it will be portable-only or a full openssh-6.7 release. -d
